Published: 15/03/2013 Updated: 23/11/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Subscribe to Communications Application Session Controller

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote malicious users to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle communications application session controller
oracle http server 11.1.1.7.0
oracle http server 11.1.1.9.0
oracle http server 12.1.3.0.0
oracle http server 12.2.1.1.0
oracle http server 12.2.1.2.0
oracle integrated lights out manager firmware
fujitsu sparc_enterprise_m3000_firmware
fujitsu sparc_enterprise_m4000_firmware
fujitsu sparc_enterprise_m5000_firmware
fujitsu sparc_enterprise_m8000_firmware
fujitsu sparc_enterprise_m9000_firmware
fujitsu m10-1_firmware
fujitsu m10-4_firmware
fujitsu m10-4s_firmware
canonical ubuntu linux 12.04
canonical ubuntu linux 12.10
canonical ubuntu linux 13.04
canonical ubuntu linux 13.10
mozilla firefox
mozilla firefox esr
mozilla seamonkey
mozilla thunderbird
mozilla thunderbird esr

Several security issues were fixed in Thunderbird ...

Several security issues were fixed in Firefox ...

Mozilla Foundation Security Advisory 2013-103 Miscellaneous Network Security Services (NSS) vulnerabilities Announced November 15, 2013 Impact Critical Products Firefox, Firefox ESR, SeaMonkey, Thunderbird, Thunderbird ESR Fixed in ...

Critical Infrastructure Sectors: Commercial Facilities

Download and run Dirk Wetter's testssl.sh on a list of url's and compile the failures into a single spreadsheet.

Test SSL Given a list of urls, run Dirk Wetter's testsslsh on each and tabulate failures only into a single spreadheet List of URLS to test These should be put in urlstxt on separate lines Run standalone /cloneRunAndAggregatesh The file results/failscsv will be generated Example If urlstxt consists of googlecom yahoocom m

CWE-326 http://www.isg.rhul.ac.uk/tls/http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html http://cr.yp.to/talks/2013.03.12/slides.pdf http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4 http://www.opera.com/security/advisory/1046 http://www.opera.com/docs/changelogs/unified/1215/http://www.mozilla.org/security/announce/2013/mfsa2013-103.html http://www.ubuntu.com/usn/USN-2031-1 http://www.ubuntu.com/usn/USN-2032-1 http://security.gentoo.org/glsa/glsa-201406-19.xml http://marc.info/?l=bugtraq&m=143039468003789&w=2 http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935 http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888 http://www.securityfocus.com/bid/58796 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 https://security.gentoo.org/glsa/201504-01 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html https://nvd.nist.gov https://usn.ubuntu.com/2032-1/https://www.cisa.gov/uscert/ics/advisories/icsa-22-160-01

CVE-2013-2566

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect