5.9
CVE-2013-2566
- EPSS 84.42%
- Veröffentlicht 15.03.2013 21:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Oracle ≫ Communications Application Session Controller Version >= 3.0.0 <= 3.9.1
Oracle ≫ HTTP Server Version11.1.1.7.0
Oracle ≫ HTTP Server Version11.1.1.9.0
Oracle ≫ HTTP Server Version12.1.3.0.0
Oracle ≫ HTTP Server Version12.2.1.1.0
Oracle ≫ HTTP Server Version12.2.1.2.0
Oracle ≫ Integrated Lights Out Manager Firmware Version >= 3.0.0 <= 3.2.11
Oracle ≫ Integrated Lights Out Manager Firmware Version >= 4.0.0 <= 4.0.4
Fujitsu ≫ Sparc Enterprise M3000 Firmware Version >= xcp < xcp_1121
Fujitsu ≫ Sparc Enterprise M4000 Firmware Version >= xcp < xcp_1121
Fujitsu ≫ Sparc Enterprise M5000 Firmware Version >= xcp < xcp_1121
Fujitsu ≫ Sparc Enterprise M8000 Firmware Version >= xcp < xcp_1121
Fujitsu ≫ Sparc Enterprise M9000 Firmware Version >= xcp < xcp_1121
Fujitsu ≫ M10-1 Firmware Version >= xcp < xcp2280
Fujitsu ≫ M10-4 Firmware Version >= xcp < xcp2280
Fujitsu ≫ M10-4s Firmware Version >= xcp < xcp2280
Canonical ≫ Ubuntu Linux Version12.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version12.10
Canonical ≫ Ubuntu Linux Version13.04
Canonical ≫ Ubuntu Linux Version13.10
Mozilla ≫ Thunderbird Version < 24.1.1
Mozilla ≫ Thunderbird Esr Version < 17.0.11
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 84.42% | 0.997 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://security.gentoo.org/glsa/glsa-201406-19.xml
http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html
http://cr.yp.to/talks/2013.03.12/slides.pdf
http://marc.info/?l=bugtraq&m=143039468003789&w=2
http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4
http://www.isg.rhul.ac.uk/tls/
http://www.mozilla.org/security/announce/2013/mfsa2013-103.html
http://www.opera.com/docs/changelogs/unified/1215/
http://www.opera.com/security/advisory/1046
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.securityfocus.com/bid/58796
http://www.ubuntu.com/usn/USN-2031-1
http://www.ubuntu.com/usn/USN-2032-1
https://security.gentoo.org/glsa/201504-01