CVE-2013-2566

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2013-2566
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

5.9 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector : AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://www.isg.rhul.ac.uk/tls/ Third Party Advisory
http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html Third Party Advisory
http://cr.yp.to/talks/2013.03.12/slides.pdf Third Party Advisory
http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4 Third Party Advisory
http://www.opera.com/security/advisory/1046 Third Party Advisory
http://www.opera.com/docs/changelogs/unified/1215/ Third Party Advisory
http://www.mozilla.org/security/announce/2013/mfsa2013-103.html Third Party Advisory
http://www.ubuntu.com/usn/USN-2031-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-2032-1 Third Party Advisory
http://security.gentoo.org/glsa/glsa-201406-19.xml Third Party Advisory
http://marc.info/?l=bugtraq&m=143039468003789&w=2 Issue Tracking Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935 Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888 Third Party Advisory
http://www.securityfocus.com/bid/58796 Third Party Advisory VDB Entry
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 Third Party Advisory
https://security.gentoo.org/glsa/201504-01 Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html Third Party Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oracle:communications_application_session_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:11.1.1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:12.2.1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:12.2.1.2.0:*:*:*:*:*:*:*
cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:fujitsu:sparc_enterprise_m3000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:sparc_enterprise_m3000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:fujitsu:sparc_enterprise_m4000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:sparc_enterprise_m4000:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:fujitsu:sparc_enterprise_m5000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:sparc_enterprise_m5000:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:fujitsu:sparc_enterprise_m8000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:sparc_enterprise_m8000:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:fujitsu:sparc_enterprise_m9000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:sparc_enterprise_m9000:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*

Configuration 10 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*

Configuration 11 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*
Information

Published : 2013-03-15 14:55

Updated : 2020-11-23 11:48

NVD link : CVE-2013-2566

Mitre link : CVE-2013-2566

JSON object : View

CWE
CWE-326

Inadequate Encryption Strength

Advertisement

dedicated server usa
Products Affected

mozilla

  • firefox_esr
  • thunderbird
  • firefox
  • seamonkey
  • thunderbird_esr

oracle

  • integrated_lights_out_manager_firmware
  • http_server
  • communications_application_session_controller

fujitsu

  • m10-4
  • m10-4_firmware
  • m10-1_firmware
  • sparc_enterprise_m9000_firmware
  • sparc_enterprise_m9000
  • sparc_enterprise_m8000
  • sparc_enterprise_m5000
  • m10-4s
  • sparc_enterprise_m8000_firmware
  • sparc_enterprise_m5000_firmware
  • sparc_enterprise_m3000_firmware
  • sparc_enterprise_m4000
  • sparc_enterprise_m3000
  • m10-4s_firmware
  • sparc_enterprise_m4000_firmware
  • m10-1

canonical

  • ubuntu_linux