漏洞信息详情
TLS/SSL协议 RC4算法加密问题漏洞
- CNNVD编号:CNNVD-201303-335
- 危害等级: 中危
- CVE编号: CVE-2013-2566
- 漏洞类型: 加密问题
- 发布时间: 2013-03-18
- 威胁类型: 远程
- 更新时间: 2022-06-13
- 厂 商: oracle
- 漏洞来源: Mitsubishi Electri...
漏洞简介
TLS协议和SSL协议中使用的的RC4算法中存在加密问题漏洞,该漏洞源于使用大量的单字节偏差。通过在使用相同明文的大量会话中密文的统计分析,远程攻击者利用该漏洞进行明文恢复攻击。
漏洞公告
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.HTML
参考网址
来源:CONFIRM
链接:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.HTML
来源:CONFIRM
链接:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935
来源:HP
链接:http://marc.info/?l=bugtraq&m=143039468003789&w=2
来源:MISC
链接:http://www.isg.rhul.ac.uk/tls/
来源:CONFIRM
链接:http://kb.juniper.net/InfoCenter/index?page=content&id=jsA10705
来源:CONFIRM
链接:http://www.opera.com/docs/changelogs/unified/1215/
来源:GENTOO
链接:https://security.gentoo.org/glsa/201504-01
来源:CONFIRM
链接:http://www.opera.com/security/advisory/1046
来源:CONFIRM
链接:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.HTML
来源:CONFIRM
链接:http://www.mozilla.org/security/announce/2013/mfsa2013-103.HTML
来源:GENTOO
链接:http://security.gentoo.org/glsa/glsa-201406-19.xml
来源:BID
链接:https://www.securityfocus.com/bid/58796
来源:UBUNTU
链接:http://www.ubuntu.com/usn/USN-2031-1
来源:UBUNTU
链接:http://www.ubuntu.com/usn/USN-2032-1
来源:MISC
链接:http://cr.yp.to/talks/2013.03.12/slides.pdf
来源:MISC
链接:http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.HTML
来源:CONFIRM
链接:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.HTML
来源:CONFIRM
链接:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.HTML
来源:CONFIRM
链接:http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4
来源:CONFIRM
链接:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.HTML
来源:CONFIRM
链接:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888
来源:www.hitachi.co.jp
链接:https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-009/ index.HTML
来源:www.hitachi.co.jp
链接:https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/ hitachi-sec-2019-113/index.HTML
来源:www.hitachi.co.jp
链接:https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-001/ index.HTML
来源:us-cert.cisa.gov
链接:https://us-cert.cisa.gov/ics/advisories/icsa-22-160-01
来源:us-cert.cisa.gov
链接:https://us-cert.cisa.gov/ics/advisories/icsa-21-075-02
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.0190/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2022.2853
受影响实体
- Oracle Sparc-Opl_service_processor:1121
补丁
- TLS/SSL协议 RC4算法安全漏洞的修复措施
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论