The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.
OpenSSL
Information Disclosure
Openjdk
Polarssl
NVD
CVSS 2.0
2.6
EPSS
0.8%