CVE-2013-2566

{"id": "CVE-2013-2566", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2013-03-15T21:55:01.047", "references": [{"url": "http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://cr.yp.to/talks/2013.03.12/slides.pdf", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=143039468003789&w=2", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=143039468003789&w=2", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.isg.rhul.ac.uk/tls/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.opera.com/docs/changelogs/unified/1215/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.opera.com/security/advisory/1046", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/58796", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/USN-2031-1", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/USN-2032-1", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.gentoo.org/glsa/201504-01", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://cr.yp.to/talks/2013.03.12/slides.pdf", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=143039468003789&w=2", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=143039468003789&w=2", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.isg.rhul.ac.uk/tls/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.opera.com/docs/changelogs/unified/1215/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.opera.com/security/advisory/1046", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/58796", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-2031-1", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-2032-1", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/201504-01", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-326"}]}], "descriptions": [{"lang": "en", "value": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext."}, {"lang": "es", "value": "El algoritmo RC4, tal como se usa en el protocolo TLS y protocolo SSL, tiene muchos \"single-byte biases\", lo que hace que sea m\u00e1s f\u00e1cil para atacantes remotos realizar ataques de recuperaci\u00f3n de texto claro a trav\u00e9s de an\u00e1lisis estad\u00edstico de texto cifrado en un gran n\u00famero de sesiones que utilizan el mismo texto claro."}], "lastModified": "2024-11-21T01:51:57.627", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_application_session_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9750DF83-22E8-4299-BC95-33217B968211", "versionEndIncluding": "3.9.1", "versionStartIncluding": "3.0.0"}, {"criteria": "cpe:2.3:a:oracle:http_server:11.1.1.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "911FBD5E-213D-482F-81A9-C3B8CE7D903A"}, {"criteria": "cpe:2.3:a:oracle:http_server:11.1.1.9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBD2676F-EE9D-4462-ABA5-C11CE726849C"}, {"criteria": "cpe:2.3:a:oracle:http_server:12.1.3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6505AE29-5091-4C72-AF6B-932DEF53A8D2"}, {"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EC475C1-A339-4C49-B6BA-A0E4D6FDF5DF"}, {"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38A45A86-3B7E-4245-B717-2A6E868BE6BE"}, {"criteria": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24EDBB8B-1AFB-498D-B78C-7BC72B8C1085", "versionEndIncluding": "3.2.11", "versionStartIncluding": "3.0.0"}, {"criteria": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3024389-3D4A-4E19-BE42-DAF9EA51D471", "versionEndIncluding": "4.0.4", "versionStartIncluding": "4.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:sparc_enterprise_m3000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DBE3B60-DED8-4F47-A60F-410ECB873BAE", "versionEndExcluding": "xcp_1121", "versionStartIncluding": "xcp"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:sparc_enterprise_m3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AB54B753-F066-4387-B0C3-43E647A42EBE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:sparc_enterprise_m4000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BBD38A2-1B17-4B28-9FE1-6D62A6337C12", "versionEndExcluding": "xcp_1121", "versionStartIncluding": "xcp"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:sparc_enterprise_m4000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1846C0CA-AE13-435F-BF91-EEE0CC311DD5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:sparc_enterprise_m5000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5884F45B-F822-46B9-A0DC-6B59A3C3E7E0", "versionEndExcluding": "xcp_1121", "versionStartIncluding": "xcp"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:sparc_enterprise_m5000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C2EDCD99-9677-45A7-9221-3A6A41917A7C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:sparc_enterprise_m8000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9ED7A13F-9510-4FA0-96A6-D2D34D49545F", "versionEndExcluding": "xcp_1121", "versionStartIncluding": "xcp"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:sparc_enterprise_m8000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9581ABD4-5ED6-4EC5-8A0B-1D7A449C10D5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:sparc_enterprise_m9000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C4C1EC1-19BE-4E1E-8F56-47A83AD0410D", "versionEndExcluding": "xcp_1121", "versionStartIncluding": "xcp"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:sparc_enterprise_m9000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0A2CEAD6-9F8C-411C-9107-BA858CB8A31B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0AB4298E-79C7-418D-B843-8EBDC6682342", "versionEndExcluding": "xcp2280", "versionStartIncluding": "xcp"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F45C5EA-556E-47A5-81FB-F6A85342FAC4", "versionEndExcluding": "xcp2280", "versionStartIncluding": "xcp"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04F93A4F-97A9-4B32-A460-86B5EBCEB263", "versionEndExcluding": "xcp2280", "versionStartIncluding": "xcp"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "vulnerable": true, "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74242CE4-EB52-4765-A5E9-94C808EFC997", "versionEndExcluding": "17.0.11"}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E547DD8-D3E3-4CA9-BE68-313A476A4B80", "versionEndExcluding": "25.0.1"}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7236D2E-3A8D-48DF-817E-0B536EF66891", "versionEndExcluding": "24.1.1", "versionStartIncluding": "24.1.0"}, {"criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAA54653-EDA1-4B8E-B328-51B0D77D2027", "versionEndExcluding": "2.22.1"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBBD7730-3DCA-4448-A912-1B6AE4658355", "versionEndExcluding": "24.1.1"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19BF5469-96AF-43B2-B875-C5241BD406F2", "versionEndExcluding": "17.0.11"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}