製品・ソフトウェアに関する情報

JVN脆弱性詳細

Mozilla Network Security Services におけるサービス運用妨害 (DoS) の脆弱性

Title	Mozilla Network Security Services におけるサービス運用妨害 (DoS) の脆弱性
Summary	Mozilla Network Security Services (NSS) は、読み取り操作の前にデータ構造が初期化されることを確認しないため、サービス運用妨害 (DoS) 状態にされるなど、不特定の影響を受ける脆弱性が存在します。
Possible impacts	第三者により、復号化の失敗を誘発されることで、サービス運用妨害 (DoS) 状態にされるなど、不特定の影響を受ける可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Sept. 25, 2013, midnight
Registration Date	Oct. 24, 2013, 4:20 p.m.
Last Update	Jan. 29, 2016, 4:29 p.m.

CVSS2.0 : 警告
Score	5
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P

Affected System

オラクル

Oracle Communications Applications の Oracle Communications Messaging Server 7.0.5.30.0 およびそれ以前

Oracle Enterprise Manager Ops Center 12.1.4 未満

Oracle Enterprise Manager Ops Center 12.2.0

Oracle Enterprise Manager Ops Center 12.2.1

Oracle Enterprise Manager Ops Center 12.3.0

Oracle Fusion Middleware の Oracle Directory Server Enterprise Edition 11.1.1.7

Oracle Fusion Middleware の Oracle Directory Server Enterprise Edition 7.0

Oracle Fusion Middleware の Oracle OpenSSO 3.0-04

Oracle Fusion Middleware の Oracle Traffic Director 11.1.1.7.0

Oracle GlassFish Server 2.1.1

Oracle iPlanet Web Proxy Server 4.0.24

Oracle iPlanet Web Server 6.1

Oracle iPlanet Web Server 7.0

Mozilla Foundation

Mozilla Firefox 25.0 未満

Mozilla Firefox ESR 17.0.10 未満

Mozilla Firefox ESR 24.1 未満

Mozilla Network Security Services (NSS) 3.15.2 未満

Mozilla SeaMonkey 2.22 未満

Mozilla Thunderbird 24.1 未満

Mozilla Thunderbird ESR 17.0.10 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2013-1739	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739
National Vulnerability Database (NVD)
2	CVE-2013-1739	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1739

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/CWE.html#CWEnoinfo

ベンダー情報

No	Name	URL
Mozilla Developer Network
1	NSS 3.15.2 release notes	https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.2_release_notes
Mozilla Foundation Security Advisory
2	MFSA2013-93	https://www.mozilla.org/security/announce/2013/mfsa2013-93.html
Mozilla Foundation セキュリティアドバイザリ
3	MFSA2013-93	http://www.mozilla-japan.org/security/announce/2013/mfsa2013-93.html
opensuse-updates
4	openSUSE-SU-2013:1539	http://lists.opensuse.org/opensuse-updates/2013-10/msg00013.html
5	openSUSE-SU-2013:1542	http://lists.opensuse.org/opensuse-updates/2013-10/msg00016.html
Oracle Critical Patch Update
6	Oracle Critical Patch Update Advisory - January 2015	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
7	Oracle Critical Patch Update Advisory - January 2016	http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
8	Oracle Critical Patch Update Advisory - July 2014	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
9	Oracle Critical Patch Update Advisory - October 2014	http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
10	Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html
11	Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html
12	Text Form of Oracle Critical Patch Update - July 2014 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpujul2014verbose-1972958.html
13	Text Form of Oracle Critical Patch Update - October 2014 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpuoct2014verbose-1972962.html
Red Hat Bugzilla
14	Bug 1012656	https://bugzilla.redhat.com/show_bug.cgi?id=1012656
Red Hat Security Advisory
15	RHSA-2013:1791	http://rhn.redhat.com/errata/RHSA-2013-1791.html
16	RHSA-2013:1829	http://rhn.redhat.com/errata/RHSA-2013-1829.html
SECURITY BLOG
17	January 2015 Critical Patch Update Released	https://blogs.oracle.com/security/entry/january_2015_critical_patch_update
18	January 2016 Critical Patch Update Released	https://blogs.oracle.com/security/entry/january_2016_critical_patch_update
19	Multiple vulnerabilities fixed in NSS 3.16	https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_fixed_in_nss
20	October 2014 Critical Patch Update Released	https://blogs.oracle.com/security/entry/october_2014_critical_patch_update

Change Log

No	Changed Details	Date of change
0	[2013年10月24日] 掲載 [2013年11月12日] ベンダ情報：Novell (openSUSE-SU-2013:1542) を追加ベンダ情報：Novell (openSUSE-SU-2013:1539) を追加 [2014年02月27日] ベンダ情報：レッドハット (RHSA-2013:1791) を追加ベンダ情報：レッドハット (RHSA-2013:1829) を追加 [2014年07月25日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - July 2014) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - July 2014 Risk Matrices) を追加 [2014年08月07日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：Mozilla Foundation (MFSA2013-93) を追加 [2014年10月21日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - October 2014) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - October 2014 Risk Matrices) を追加ベンダ情報：オラクル (October 2014 Critical Patch Update Released) を追加 [2014年12月02日] ベンダ情報：オラクル (Multiple vulnerabilities fixed in NSS 3.16) を追加 [2015年01月30日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - January 2015) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices) を追加ベンダ情報：オラクル (January 2015 Critical Patch Update Released) を追加 [2016年01月29日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - January 2016) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices) を追加ベンダ情報：オラクル (January 2016 Critical Patch Update Released) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2013-1739

Summary	Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure.
Publication Date	Oct. 23, 2013, 7:55 a.m.
Registration Date	Jan. 26, 2021, 3:36 p.m.
Last Update	Nov. 21, 2024, 10:50 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mozilla:network_security_services:3.12.5:::::::*
cpe:2.3:a:mozilla:network_security_services:3.15:::::::*
cpe:2.3:a:mozilla:network_security_services:3.14.1:::::::*
cpe:2.3:a:mozilla:network_security_services:3.12.9:::::::*
cpe:2.3:a:mozilla:network_security_services:3.12.3.1:::::::*
cpe:2.3:a:mozilla:network_security_services:3.12.6:::::::*
cpe:2.3:a:mozilla:network_security_services:3.12.8:::::::*
cpe:2.3:a:mozilla:network_security_services:3.12.11:::::::*
cpe:2.3:a:mozilla:network_security_services:3.14.3:::::::*
cpe:2.3:a:mozilla:network_security_services:3.14:::::::*
cpe:2.3:a:mozilla:network_security_services:3.12.2:::::::*
cpe:2.3:a:mozilla:network_security_services:3.12.10:::::::*
cpe:2.3:a:mozilla:network_security_services:3.12.4:::::::*
cpe:2.3:a:mozilla:network_security_services:3.12.1:::::::*
cpe:2.3:a:mozilla:network_security_services:3.12.3.2:::::::*
cpe:2.3:a:mozilla:network_security_services:3.12.3:::::::*
cpe:2.3:a:mozilla:network_security_services:3.14.2:::::::*
cpe:2.3:a:mozilla:network_security_services::::::::		3.15.1
cpe:2.3:a:mozilla:network_security_services:3.12.7:::::::*
cpe:2.3:a:mozilla:network_security_services:3.12:::::::*

Related information, measures and tools

No	URL	タグ
1	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
2	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
3	http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00014.html
4	http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00014.html
5	http://lists.opensuse.org/opensuse-updates/2013-10/msg00013.html
6	http://lists.opensuse.org/opensuse-updates/2013-10/msg00013.html
7	http://lists.opensuse.org/opensuse-updates/2013-10/msg00016.html
8	http://lists.opensuse.org/opensuse-updates/2013-10/msg00016.html
9	http://rhn.redhat.com/errata/RHSA-2013-1791.html
10	http://rhn.redhat.com/errata/RHSA-2013-1791.html
11	http://rhn.redhat.com/errata/RHSA-2013-1829.html
12	http://rhn.redhat.com/errata/RHSA-2013-1829.html
13	http://seclists.org/fulldisclosure/2014/Dec/23
14	http://seclists.org/fulldisclosure/2014/Dec/23
15	http://security.gentoo.org/glsa/glsa-201406-19.xml
16	http://security.gentoo.org/glsa/glsa-201406-19.xml
17	http://www.debian.org/security/2013/dsa-2790
18	http://www.debian.org/security/2013/dsa-2790
19	http://www.mozilla.org/security/announce/2013/mfsa2013-93.html
20	http://www.mozilla.org/security/announce/2013/mfsa2013-93.html
21	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
22	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
23	http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
24	http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
25	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
26	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
27	http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
28	http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
29	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
30	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
31	http://www.securityfocus.com/archive/1/534161/100/0/threaded
32	http://www.securityfocus.com/archive/1/534161/100/0/threaded
33	http://www.securityfocus.com/bid/62966
34	http://www.securityfocus.com/bid/62966
35	http://www.ubuntu.com/usn/USN-2030-1
36	http://www.ubuntu.com/usn/USN-2030-1
37	http://www.vmware.com/security/advisories/VMSA-2014-0012.html
38	http://www.vmware.com/security/advisories/VMSA-2014-0012.html
39	https://bugzilla.mozilla.org/show_bug.cgi?id=894370
40	https://bugzilla.mozilla.org/show_bug.cgi?id=894370
41	https://bugzilla.redhat.com/show_bug.cgi?id=1012656
42	https://bugzilla.redhat.com/show_bug.cgi?id=1012656
43	https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.2_release_notes	Vendor Advisory
44	https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.2_release_notes	Vendor Advisory
45	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19254
46	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19254

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mozilla:network_security_services:3.12.5:::::::*
cpe:2.3:a:mozilla:network_security_services:3.15:::::::*
cpe:2.3:a:mozilla:network_security_services:3.14.1:::::::*
cpe:2.3:a:mozilla:network_security_services:3.12.9:::::::*
cpe:2.3:a:mozilla:network_security_services:3.12.3.1:::::::*
cpe:2.3:a:mozilla:network_security_services:3.12.6:::::::*
cpe:2.3:a:mozilla:network_security_services:3.12.8:::::::*
cpe:2.3:a:mozilla:network_security_services:3.12.11:::::::*
cpe:2.3:a:mozilla:network_security_services:3.14.3:::::::*
cpe:2.3:a:mozilla:network_security_services:3.14:::::::*
cpe:2.3:a:mozilla:network_security_services:3.12.2:::::::*
cpe:2.3:a:mozilla:network_security_services:3.12.10:::::::*
cpe:2.3:a:mozilla:network_security_services:3.12.4:::::::*
cpe:2.3:a:mozilla:network_security_services:3.12.1:::::::*
cpe:2.3:a:mozilla:network_security_services:3.12.3.2:::::::*
cpe:2.3:a:mozilla:network_security_services:3.12.3:::::::*
cpe:2.3:a:mozilla:network_security_services:3.14.2:::::::*
cpe:2.3:a:mozilla:network_security_services::::::::		3.15.1
cpe:2.3:a:mozilla:network_security_services:3.12.7:::::::*
cpe:2.3:a:mozilla:network_security_services:3.12:::::::*