Lucene search

[email protected]CVE-2013-2566

HistoryMar 15, 2013 - 9:55 p.m.

CVE-2013-2566

2013-03-1521:55:01

CWE-326

[email protected]

web.nvd.nist.gov

630

cve-2013-2566

rc4 algorithm

tls protocol

ssl protocol

plaintext-recovery attacks

statistical analysis

ciphertext

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.7 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.3%

JSON

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

Affected configurations

NVD

Node

oraclecommunications_application_session_controllerRange3.0.0–3.9.1

oraclehttp_serverMatch11.1.1.7.0

oraclehttp_serverMatch11.1.1.9.0

oraclehttp_serverMatch12.1.3.0.0

oraclehttp_serverMatch12.2.1.1.0

oraclehttp_serverMatch12.2.1.2.0

oracleintegrated_lights_out_manager_firmwareRange3.0.0–3.2.11

oracleintegrated_lights_out_manager_firmwareRange4.0.0–4.0.4

Node

fujitsusparc_enterprise_m3000_firmwareRangexcp–xcp_1121

AND

fujitsusparc_enterprise_m3000Match-

Node

fujitsusparc_enterprise_m4000_firmwareRangexcp–xcp_1121

AND

fujitsusparc_enterprise_m4000Match-

Node

fujitsusparc_enterprise_m5000_firmwareRangexcp–xcp_1121

AND

fujitsusparc_enterprise_m5000Match-

Node

fujitsusparc_enterprise_m8000_firmwareRangexcp–xcp_1121

AND

fujitsusparc_enterprise_m8000Match-

Node

fujitsusparc_enterprise_m9000_firmwareRangexcp–xcp_1121

AND

fujitsusparc_enterprise_m9000Match-

Node

fujitsum10-1_firmwareRangexcp–xcp2280

AND

fujitsum10-1Match-

Node

fujitsum10-4_firmwareRangexcp–xcp2280

AND

fujitsum10-4Match-

Node

fujitsum10-4s_firmwareRangexcp–xcp2280

AND

fujitsum10-4sMatch-

Node

canonicalubuntu_linuxMatch12.04esm

canonicalubuntu_linuxMatch12.10

canonicalubuntu_linuxMatch13.04

canonicalubuntu_linuxMatch13.10

Node

mozillafirefoxRange<25.0.1

mozillafirefox_esrRange<17.0.11

mozillafirefox_esrRange24.1.0–24.1.1

mozillaseamonkeyRange<2.22.1

mozillathunderbirdRange<24.1.1

mozillathunderbird_esrRange<17.0.11

CPENameOperatorVersion
oracle:communications_application_session_controlleroracle communications application session controllerle3.9.1
oracle:http_serveroracle http servereq11.1.1.7.0
oracle:http_serveroracle http servereq11.1.1.9.0
oracle:http_serveroracle http servereq12.1.3.0.0
oracle:http_serveroracle http servereq12.2.1.1.0
oracle:http_serveroracle http servereq12.2.1.2.0
oracle:integrated_lights_out_manager_firmwareoracle integrated lights out manager firmwarele3.2.11
oracle:integrated_lights_out_manager_firmwareoracle integrated lights out manager firmwarele4.0.4

CPE	Name	Operator	Version
oracle:communications_application_session_controller	oracle communications application session controller	le	3.9.1
oracle:http_server	oracle http server	eq	11.1.1.7.0
oracle:http_server	oracle http server	eq	11.1.1.9.0
oracle:http_server	oracle http server	eq	12.1.3.0.0
oracle:http_server	oracle http server	eq	12.2.1.1.0
oracle:http_server	oracle http server	eq	12.2.1.2.0
oracle:integrated_lights_out_manager_firmware	oracle integrated lights out manager firmware	le	3.2.11
oracle:integrated_lights_out_manager_firmware	oracle integrated lights out manager firmware	le	4.0.4