CVE-2013-2566

5.9MEDIUM

Key Information:

Vendor
Oracle
Status
Http Server
Integrated Lights Out Manager Firmware
Communications Application Session Controller
Vendor
CVE Published:
15 March 2013

Summary

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

References

http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM
http://blog.cryptographyengineering.com/2013/03/attack-of...
x_refsource_MISC
http://www.securityfocus.com/bid/58796
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.