CVE-2013-2566

EPSS 90.32%
Veröffentlicht 15.03.2013 21:55:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 24

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Oracle ≫ Communications Application Session Controller Version >= 3.0.0 <= 3.9.1

Oracle ≫ HTTP Server Version11.1.1.7.0

Oracle ≫ HTTP Server Version11.1.1.9.0

Oracle ≫ HTTP Server Version12.1.3.0.0

Oracle ≫ HTTP Server Version12.2.1.1.0

Oracle ≫ HTTP Server Version12.2.1.2.0

Oracle ≫ Integrated Lights Out Manager Firmware Version >= 3.0.0 <= 3.2.11

Oracle ≫ Integrated Lights Out Manager Firmware Version >= 4.0.0 <= 4.0.4

Fujitsu ≫ Sparc Enterprise M3000 Firmware Version >= xcp < xcp_1121

Fujitsu ≫ Sparc Enterprise M3000 Version-

Fujitsu ≫ Sparc Enterprise M4000 Firmware Version >= xcp < xcp_1121

Fujitsu ≫ Sparc Enterprise M4000 Version-

Fujitsu ≫ Sparc Enterprise M5000 Firmware Version >= xcp < xcp_1121

Fujitsu ≫ Sparc Enterprise M5000 Version-

Fujitsu ≫ Sparc Enterprise M8000 Firmware Version >= xcp < xcp_1121

Fujitsu ≫ Sparc Enterprise M8000 Version-

Fujitsu ≫ Sparc Enterprise M9000 Firmware Version >= xcp < xcp_1121

Fujitsu ≫ Sparc Enterprise M9000 Version-

Fujitsu ≫ M10-1 Firmware Version >= xcp < xcp2280

Fujitsu ≫ M10-1 Version-

Fujitsu ≫ M10-4 Firmware Version >= xcp < xcp2280

Fujitsu ≫ M10-4 Version-

Fujitsu ≫ M10-4s Firmware Version >= xcp < xcp2280

Fujitsu ≫ M10-4s Version-

Canonical ≫ Ubuntu Linux Version12.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version12.10

Canonical ≫ Ubuntu Linux Version13.04

Canonical ≫ Ubuntu Linux Version13.10

Mozilla ≫ Firefox Version < 17.0.11

Mozilla ≫ Firefox Version < 25.0.1

Mozilla ≫ Firefox Version >= 24.1.0 < 24.1.1

Mozilla ≫ Seamonkey Version < 2.22.1

Mozilla ≫ Thunderbird Version < 24.1.1

Mozilla ≫ Thunderbird Esr Version < 17.0.11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	90.32%	0.996

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888

Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Third Party Advisory