Vulnerability CVE-2013-2566

Vulnerability Name:

CVE-2013-2566 (CCN-82884)

Assigned:

2013-03-12

Published:

2013-03-12

Updated:

2020-11-23

Summary:

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

CVSS v3 Severity:

5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-326

Vulnerability Consequences:

Obtain Information

References:

Vulnerable Configuration:

Configuration 1:

cpe:/a:oracle:communications_application_session_controller:*:*:*:*:*:*:*:* (Version >= 3.0.0 and <= 3.9.1)

OR cpe:/a:oracle:http_server:11.1.1.7.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:http_server:11.1.1.9.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:http_server:12.1.3.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:http_server:12.2.1.1.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:http_server:12.2.1.2.0:*:*:*:*:*:*:*

OR cpe:/o:oracle:integrated_lights_out_manager_firmware:*:*:*:*:*:*:*:* (Version >= 3.0.0 and <= 3.2.11)

OR cpe:/o:oracle:integrated_lights_out_manager_firmware:*:*:*:*:*:*:*:* (Version >= 4.0.0 and <= 4.0.4)

Configuration 2:

cpe:/o:fujitsu:sparc_enterprise_m3000_firmware:*:*:*:*:*:*:*:* (Version >= xcp and < xcp_1121)

AND

cpe:/h:fujitsu:sparc_enterprise_m3000:-:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:fujitsu:sparc_enterprise_m4000_firmware:*:*:*:*:*:*:*:* (Version >= xcp and < xcp_1121)

AND

cpe:/h:fujitsu:sparc_enterprise_m4000:-:*:*:*:*:*:*:*

Configuration 4:

cpe:/o:fujitsu:sparc_enterprise_m5000_firmware:*:*:*:*:*:*:*:* (Version >= xcp and < xcp_1121)

AND

cpe:/h:fujitsu:sparc_enterprise_m5000:-:*:*:*:*:*:*:*

Configuration 5:

cpe:/o:fujitsu:sparc_enterprise_m8000_firmware:*:*:*:*:*:*:*:* (Version >= xcp and < xcp_1121)

AND

cpe:/h:fujitsu:sparc_enterprise_m8000:-:*:*:*:*:*:*:*

Configuration 6:

cpe:/o:fujitsu:sparc_enterprise_m9000_firmware:*:*:*:*:*:*:*:* (Version >= xcp and < xcp_1121)

AND

cpe:/h:fujitsu:sparc_enterprise_m9000:-:*:*:*:*:*:*:*

Configuration 7:

cpe:/o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:* (Version >= xcp and < xcp2280)

AND

cpe:/h:fujitsu:m10-1:-:*:*:*:*:*:*:*

Configuration 8:

cpe:/o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:* (Version >= xcp and < xcp2280)

AND

cpe:/h:fujitsu:m10-4:-:*:*:*:*:*:*:*

Configuration 9:

cpe:/o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:* (Version >= xcp and < xcp2280)

AND

cpe:/h:fujitsu:m10-4s:-:*:*:*:*:*:*:*

Configuration 10:

cpe:/o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

OR cpe:/o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*

Configuration 11:

cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version < 25.0.1)

OR cpe:/a:mozilla:firefox_esr:*:*:*:*:*:*:*:* (Version < 17.0.11)

OR cpe:/a:mozilla:firefox_esr:*:*:*:*:*:*:*:* (Version >= 24.1.0 and < 24.1.1)

OR cpe:/a:mozilla:seamonkey:*:*:*:*:*:*:*:* (Version < 2.22.1)

OR cpe:/a:mozilla:thunderbird:*:*:*:*:*:*:*:* (Version < 24.1.1)

OR cpe:/a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:* (Version < 17.0.11)

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20132566	V	CVE-2013-2566	2022-05-20
oval:org.opensuse.security:def:33110	P	Security update for MozillaFirefox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:26161	P	Security update for samba (Important)	2021-11-10
oval:org.opensuse.security:def:26144	P	Security update for libqt5-qtsvg (Moderate)	2021-10-11
oval:org.opensuse.security:def:31664	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:26080	P	Security update for libnettle (Important)	2021-06-23
oval:org.opensuse.security:def:26077	P	Security update for apache2 (Important)	2021-06-17
oval:org.opensuse.security:def:36186	P	libfreebl3-3.17.3-0.8.11 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36519	P	mozilla-nss-devel-3.17.3-0.8.11 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42593	P	libfreebl3-3.17.3-0.8.11 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:26068	P	Security update for libX11 (Important)	2021-06-08
oval:org.opensuse.security:def:32106	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:31738	P	Security update for grub2 (Important)	2021-03-02
oval:org.opensuse.security:def:32262	P	Security update for java-1_8_0-openjdk (Moderate)	2021-02-19
oval:org.opensuse.security:def:31653	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:31652	P	Security update for openssh (Moderate)	2021-01-05
oval:org.opensuse.security:def:26069	P	Security update for java-1_7_1-ibm (Moderate)	2021-01-04
oval:org.opensuse.security:def:32019	P	Security update for clamav (Important)	2020-12-22
oval:org.opensuse.security:def:26353	P	Security update for tor (Moderate)	2020-12-01
oval:org.opensuse.security:def:25811	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:32472	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:26786	P	mutt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26365	P	Security update of chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26272	P	Security update for openexr (Moderate)	2020-12-01
oval:org.opensuse.security:def:27184	P	libfreebl3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25747	P	Security update for git (Important)	2020-12-01
oval:org.opensuse.security:def:32428	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:26747	P	libgdiplus0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26312	P	Security update for dnsmasq (Important)	2020-12-01
oval:org.opensuse.security:def:31962	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:27149	P	ipsec-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25736	P	Security update for mozilla-nspr, mozilla-nss (Moderate)	2020-12-01
oval:org.opensuse.security:def:32406	P	Security update for wavpack (Moderate)	2020-12-01
oval:org.opensuse.security:def:26698	P	foomatic-filters on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31870	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:27517	P	mozilla-nss-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26511	P	Security update for icingaweb2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25735	P	Security update for exiv2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32367	P	Security update for syslog-ng (Moderate)	2020-12-01
oval:org.opensuse.security:def:26645	P	unrar on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27482	P	libsamplerate-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26467	P	Security update for redis (Important)	2020-12-01
oval:org.opensuse.security:def:32318	P	Security update for rsync (Moderate)	2020-12-01
oval:org.opensuse.security:def:26494	P	Security update for pdns-recursor (Important)	2020-12-01
oval:org.opensuse.security:def:26020	P	Security update for libraw (Moderate)	2020-12-01
oval:org.opensuse.security:def:33149	P	libfreebl3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26844	P	xorg-x11-Xvnc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26453	P	Security update for kauth (Moderate)	2020-12-01
oval:org.opensuse.security:def:26410	P	Security update for freexl (Important)	2020-12-01
oval:org.opensuse.security:def:25939	P	Security update for gstreamer-0_10-plugins-base (Moderate)	2020-12-01
oval:org.opensuse.security:def:26800	P	pango on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26414	P	Security update for python-Django (Moderate)	2020-12-01
oval:org.mitre.oval:def:19915	V	RC4 algorithm vulnerability	2014-10-06
oval:org.mitre.oval:def:19893	P	USN-2032-1 -- thunderbird vulnerabilities	2014-06-30
oval:org.mitre.oval:def:19958	P	USN-2031-1 -- firefox vulnerabilities	2014-06-30
oval:com.ubuntu.precise:def:20132566000	V	CVE-2013-2566 on Ubuntu 12.04 LTS (precise) - low.	2013-03-15

BACK