Revision Date: | 2015-03-23 | Version: | 6 | Title: | Vulnerability in the TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products | Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | Family: | windows | Class: | vulnerability | Status: | ACCEPTED | Reference(s): | CVE-2013-0169
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP
| Product(s): | Java Runtime Environment
| Definition Synopsis | Determine if the version of Java Runtime Environment is less than 1.4.2:update_42 and is greater than or equal to 1.4.0 Determine if the version of Java Runtime Environment is less than 1.4.2:update_42
AND Java SE Runtime Environment 4 is installed
OR Determine if the version of Java Runtime Environment is less than or equal to 1.5.0:update_41 and is greater than or equal to 1.5.0
Determine if the version of Java Runtime Environment is less than 1.5.0:update_40
AND Java SE Runtime Environment 5 is installed
OR Determine if the version of Java Runtime Environment is less than or equal to 1.6.0:update_39 and is greater than or equal to 1.6.0
Determine if the version of Java Runtime Environment is less than 1.6.0:update_39
AND Java SE Runtime Environment 6 is installed
OR Determine if the version of Java Runtime Environment is less than or equal to 1.7.0:update_13 and is greater than or equal to 1.7.0
Determine if the version of Java Runtime Environment is less than 1.7.0:update_14
AND Java SE Runtime Environment 7 is installed
|
|