CVE-2013-2566
Vulnerability from cvelistv5
Published
2013-03-14 22:00
Modified
2024-08-06 15:44
Severity ?
Summary
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
References
cve@mitre.orghttp://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.htmlThird Party Advisory
cve@mitre.orghttp://cr.yp.to/talks/2013.03.12/slides.pdfThird Party Advisory
cve@mitre.orghttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705Third Party Advisory
cve@mitre.orghttp://marc.info/?l=bugtraq&m=143039468003789&w=2Issue Tracking, Third Party Advisory
cve@mitre.orghttp://marc.info/?l=bugtraq&m=143039468003789&w=2Issue Tracking, Third Party Advisory
cve@mitre.orghttp://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4Third Party Advisory
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-201406-19.xmlThird Party Advisory
cve@mitre.orghttp://www.isg.rhul.ac.uk/tls/Third Party Advisory
cve@mitre.orghttp://www.mozilla.org/security/announce/2013/mfsa2013-103.htmlThird Party Advisory
cve@mitre.orghttp://www.opera.com/docs/changelogs/unified/1215/Third Party Advisory
cve@mitre.orghttp://www.opera.com/security/advisory/1046Third Party Advisory
cve@mitre.orghttp://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.htmlThird Party Advisory
cve@mitre.orghttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlThird Party Advisory
cve@mitre.orghttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlThird Party Advisory
cve@mitre.orghttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlThird Party Advisory
cve@mitre.orghttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlThird Party Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/58796Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.ubuntu.com/usn/USN-2031-1Third Party Advisory
cve@mitre.orghttp://www.ubuntu.com/usn/USN-2032-1Third Party Advisory
cve@mitre.orghttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935Third Party Advisory
cve@mitre.orghttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888Third Party Advisory
cve@mitre.orghttps://security.gentoo.org/glsa/201504-01Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://cr.yp.to/talks/2013.03.12/slides.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=143039468003789&w=2Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=143039468003789&w=2Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-201406-19.xmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.isg.rhul.ac.uk/tls/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2013/mfsa2013-103.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.opera.com/docs/changelogs/unified/1215/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.opera.com/security/advisory/1046Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/58796Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2031-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2032-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201504-01Third Party Advisory
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:44:32.649Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html"
          },
          {
            "name": "58796",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/58796"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://cr.yp.to/talks/2013.03.12/slides.pdf"
          },
          {
            "name": "HPSBGN03324",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143039468003789\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "name": "GLSA-201504-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201504-01"
          },
          {
            "name": "GLSA-201406-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "SSRT102035",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143039468003789\u0026w=2"
          },
          {
            "name": "USN-2031-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2031-1"
          },
          {
            "name": "USN-2032-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2032-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.opera.com/security/advisory/1046"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.isg.rhul.ac.uk/tls/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.opera.com/docs/changelogs/unified/1215/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-03-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-18T01:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html"
        },
        {
          "name": "58796",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/58796"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://cr.yp.to/talks/2013.03.12/slides.pdf"
        },
        {
          "name": "HPSBGN03324",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143039468003789\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "name": "GLSA-201504-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201504-01"
        },
        {
          "name": "GLSA-201406-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "SSRT102035",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143039468003789\u0026w=2"
        },
        {
          "name": "USN-2031-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2031-1"
        },
        {
          "name": "USN-2032-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2032-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.opera.com/security/advisory/1046"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.isg.rhul.ac.uk/tls/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.opera.com/docs/changelogs/unified/1215/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-2566",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html",
              "refsource": "MISC",
              "url": "http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html"
            },
            {
              "name": "58796",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/58796"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
            },
            {
              "name": "http://cr.yp.to/talks/2013.03.12/slides.pdf",
              "refsource": "MISC",
              "url": "http://cr.yp.to/talks/2013.03.12/slides.pdf"
            },
            {
              "name": "HPSBGN03324",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143039468003789\u0026w=2"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
            },
            {
              "name": "GLSA-201504-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201504-01"
            },
            {
              "name": "GLSA-201406-19",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "SSRT102035",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143039468003789\u0026w=2"
            },
            {
              "name": "USN-2031-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2031-1"
            },
            {
              "name": "USN-2032-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2032-1"
            },
            {
              "name": "http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4",
              "refsource": "CONFIRM",
              "url": "http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
            },
            {
              "name": "http://www.opera.com/security/advisory/1046",
              "refsource": "CONFIRM",
              "url": "http://www.opera.com/security/advisory/1046"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html"
            },
            {
              "name": "http://www.isg.rhul.ac.uk/tls/",
              "refsource": "MISC",
              "url": "http://www.isg.rhul.ac.uk/tls/"
            },
            {
              "name": "http://www.opera.com/docs/changelogs/unified/1215/",
              "refsource": "CONFIRM",
              "url": "http://www.opera.com/docs/changelogs/unified/1215/"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-2566",
    "datePublished": "2013-03-14T22:00:00",
    "dateReserved": "2013-03-14T00:00:00",
    "dateUpdated": "2024-08-06T15:44:32.649Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-2566\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2013-03-15T21:55:01.047\",\"lastModified\":\"2024-11-21T01:51:57.627\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.\"},{\"lang\":\"es\",\"value\":\"El algoritmo RC4, tal como se usa en el protocolo TLS y protocolo SSL, tiene muchos \\\"single-byte biases\\\", lo que hace que sea m\u00e1s f\u00e1cil para atacantes remotos realizar ataques de recuperaci\u00f3n de texto claro a trav\u00e9s de an\u00e1lisis estad\u00edstico de texto cifrado en un gran n\u00famero de sesiones que utilizan el mismo texto claro.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-326\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_application_session_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndIncluding\":\"3.9.1\",\"matchCriteriaId\":\"9750DF83-22E8-4299-BC95-33217B968211\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:http_server:11.1.1.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"911FBD5E-213D-482F-81A9-C3B8CE7D903A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:http_server:11.1.1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBD2676F-EE9D-4462-ABA5-C11CE726849C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:http_server:12.1.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6505AE29-5091-4C72-AF6B-932DEF53A8D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:http_server:12.2.1.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EC475C1-A339-4C49-B6BA-A0E4D6FDF5DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:http_server:12.2.1.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38A45A86-3B7E-4245-B717-2A6E868BE6BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndIncluding\":\"3.2.11\",\"matchCriteriaId\":\"24EDBB8B-1AFB-498D-B78C-7BC72B8C1085\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndIncluding\":\"4.0.4\",\"matchCriteriaId\":\"F3024389-3D4A-4E19-BE42-DAF9EA51D471\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:sparc_enterprise_m3000_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"xcp\",\"versionEndExcluding\":\"xcp_1121\",\"matchCriteriaId\":\"9DBE3B60-DED8-4F47-A60F-410ECB873BAE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:sparc_enterprise_m3000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB54B753-F066-4387-B0C3-43E647A42EBE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:sparc_enterprise_m4000_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"xcp\",\"versionEndExcluding\":\"xcp_1121\",\"matchCriteriaId\":\"5BBD38A2-1B17-4B28-9FE1-6D62A6337C12\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:sparc_enterprise_m4000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1846C0CA-AE13-435F-BF91-EEE0CC311DD5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:sparc_enterprise_m5000_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"xcp\",\"versionEndExcluding\":\"xcp_1121\",\"matchCriteriaId\":\"5884F45B-F822-46B9-A0DC-6B59A3C3E7E0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:sparc_enterprise_m5000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2EDCD99-9677-45A7-9221-3A6A41917A7C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:sparc_enterprise_m8000_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"xcp\",\"versionEndExcluding\":\"xcp_1121\",\"matchCriteriaId\":\"9ED7A13F-9510-4FA0-96A6-D2D34D49545F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:sparc_enterprise_m8000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9581ABD4-5ED6-4EC5-8A0B-1D7A449C10D5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:sparc_enterprise_m9000_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"xcp\",\"versionEndExcluding\":\"xcp_1121\",\"matchCriteriaId\":\"0C4C1EC1-19BE-4E1E-8F56-47A83AD0410D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:sparc_enterprise_m9000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A2CEAD6-9F8C-411C-9107-BA858CB8A31B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"xcp\",\"versionEndExcluding\":\"xcp2280\",\"matchCriteriaId\":\"0AB4298E-79C7-418D-B843-8EBDC6682342\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"983D27DE-BC89-454E-AE47-95A26A3651E2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"xcp\",\"versionEndExcluding\":\"xcp2280\",\"matchCriteriaId\":\"6F45C5EA-556E-47A5-81FB-F6A85342FAC4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5825AEE1-B668-40BD-86A9-2799430C742C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"xcp\",\"versionEndExcluding\":\"xcp2280\",\"matchCriteriaId\":\"04F93A4F-97A9-4B32-A460-86B5EBCEB263\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DA2D526-BDCF-4A65-914A-B3BA3A0CD613\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"8D305F7A-D159-4716-AB26-5E38BB5CD991\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2076871-2E80-4605-A470-A41C1A8EC7EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFAA48D9-BEB4-4E49-AD50-325C262D46D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F61F047-129C-41A6-8A27-FFCBB8563E91\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.0.11\",\"matchCriteriaId\":\"74242CE4-EB52-4765-A5E9-94C808EFC997\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"25.0.1\",\"matchCriteriaId\":\"7E547DD8-D3E3-4CA9-BE68-313A476A4B80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"24.1.0\",\"versionEndExcluding\":\"24.1.1\",\"matchCriteriaId\":\"F7236D2E-3A8D-48DF-817E-0B536EF66891\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.22.1\",\"matchCriteriaId\":\"BAA54653-EDA1-4B8E-B328-51B0D77D2027\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"24.1.1\",\"matchCriteriaId\":\"FBBD7730-3DCA-4448-A912-1B6AE4658355\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.0.11\",\"matchCriteriaId\":\"19BF5469-96AF-43B2-B875-C5241BD406F2\"}]}]}],\"references\":[{\"url\":\"http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://cr.yp.to/talks/2013.03.12/slides.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=143039468003789\u0026w=2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=143039468003789\u0026w=2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-201406-19.xml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.isg.rhul.ac.uk/tls/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mozilla.org/security/announce/2013/mfsa2013-103.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.opera.com/docs/changelogs/unified/1215/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.opera.com/security/advisory/1046\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/58796\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-2031-1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-2032-1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201504-01\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://cr.yp.to/talks/2013.03.12/slides.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=143039468003789\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=143039468003789\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-201406-19.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.isg.rhul.ac.uk/tls/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mozilla.org/security/announce/2013/mfsa2013-103.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.opera.com/docs/changelogs/unified/1215/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.opera.com/security/advisory/1046\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/58796\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-2031-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-2032-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201504-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.