Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2013-2566
Last Modified 11 May 2015 09:59:51
Published 15 Mar 2013 05:55:01
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-2566

Summary

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

Vulnerable Systems

Application

  • Apple Safari

  • Google Chrome -

  • IBM WebSphere Application Server

  • JBoss Enterprise Application Server

  • Microsoft IE

  • Microsoft IIS

  • Mozilla Firefox

  • Opera Browser -

  • Oracle Glassfish

  • Sun Glassfish Enterprise Server


References

MISC - http://www.isg.rhul.ac.uk/tls/

MISC - http://cr.yp.to/talks/2013.03.12/slides.pdf

MISC - http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html

CONFIRM - http://www.opera.com/security/advisory/1046

CONFIRM - http://www.opera.com/docs/changelogs/unified/1215/

CONFIRM - http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4

CONFIRM - http://www.mozilla.org/security/announce/2013/mfsa2013-103.html

UBUNTU - USN-2032-1

UBUNTU - USN-2031-1

GENTOO - GLSA-201406-19

HP - SSRT102035

Related Patches

Mozilla Firefox (en-us) 25.0.1 for Windows (Update) (See Notes)

Mozilla Firefox ESR (en-us) 17.0.11 for Windows (Update) (See Notes)

Mozilla Firefox ESR (en-us) 24.1.1 for Windows (Update) (See Notes)


Last Updated: 27 May 2016 11:02:10