Vulnerability Data

by Reconmap

CVE-2013-2566

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

Published at
2013-03-15T21:55Z
4083 days ago
Modified
2020-11-23T19:48Z
1273 days ago
CWE-326
Problem type

Impact

CVSS v3 vector string
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Severity Score Vector

5.9CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References


URLType
www.isg.rhul.ac.uk
http://www.isg.rhul.ac.uk/tls/		MISC
blog.cryptographyengineering.com
http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html		MISC
cr.yp.to
http://cr.yp.to/talks/2013.03.12/slides.pdf		MISC
my.opera.com
http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4		CONFIRM
www.opera.com
http://www.opera.com/security/advisory/1046		CONFIRM
www.opera.com
http://www.opera.com/docs/changelogs/unified/1215/		CONFIRM
www.mozilla.org
http://www.mozilla.org/security/announce/2013/mfsa2013-103.html		CONFIRM
USN-2031-1
http://www.ubuntu.com/usn/USN-2031-1		UBUNTU
USN-2032-1
http://www.ubuntu.com/usn/USN-2032-1		UBUNTU
GLSA-201406-19
http://security.gentoo.org/glsa/glsa-201406-19.xml		GENTOO
SSRT102035
http://marc.info/?l=bugtraq&m=143039468003789&w=2		HP
www.oracle.com
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html		CONFIRM
www.oracle.com
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html		CONFIRM
h20566.www2.hpe.com
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935		CONFIRM
www.oracle.com
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html		CONFIRM
h20566.www2.hpe.com
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888		CONFIRM
58796
http://www.securityfocus.com/bid/58796		BID
kb.juniper.net
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705		CONFIRM
GLSA-201504-01
https://security.gentoo.org/glsa/201504-01		GENTOO
www.oracle.com
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html		CONFIRM
www.oracle.com
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html		CONFIRM

GET https://vulnerabilitydata.com/api/details/CVE-2013-2566

{
	"id": "CVE-2013-2566",
	"published_date": "2013-03-15T21:55Z",
	"last_modified_date": "2020-11-23T19:48Z",
	"assigner": "cve@mitre.org",
	"description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.",
	"references": [
		{
			"url": "http://www.isg.rhul.ac.uk/tls/",
			"name": "http://www.isg.rhul.ac.uk/tls/",
			"refsource": "MISC",
			"tags": [
				"Third Party Advisory"
			]
		},
		{
			"url": "http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html",
			"name": "http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html",
			"refsource": "MISC",
			"tags": [
				"Third Party Advisory"
			]
		},
		{
			"url": "http://cr.yp.to/talks/2013.03.12/slides.pdf",
			"name": "http://cr.yp.to/talks/2013.03.12/slides.pdf",
			"refsource": "MISC",
			"tags": [
				"Third Party Advisory"
			]
		},
		{
			"url": "http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4",
			"name": "http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4",
			"refsource": "CONFIRM",
			"tags": [
				"Third Party Advisory"
			]
		},
		{
			"url": "http://www.opera.com/security/advisory/1046",
			"name": "http://www.opera.com/security/advisory/1046",
			"refsource": "CONFIRM",
			"tags": [
				"Third Party Advisory"
			]
		},
		{
			"url": "http://www.opera.com/docs/changelogs/unified/1215/",
			"name": "http://www.opera.com/docs/changelogs/unified/1215/",
			"refsource": "CONFIRM",
			"tags": [
				"Third Party Advisory"
			]
		},
		{
			"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html",
			"name": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html",
			"refsource": "CONFIRM",
			"tags": [
				"Third Party Advisory"
			]
		},
		{
			"url": "http://www.ubuntu.com/usn/USN-2031-1",
			"name": "USN-2031-1",
			"refsource": "UBUNTU",
			"tags": [
				"Third Party Advisory"
			]
		},
		{
			"url": "http://www.ubuntu.com/usn/USN-2032-1",
			"name": "USN-2032-1",
			"refsource": "UBUNTU",
			"tags": [
				"Third Party Advisory"
			]
		},
		{
			"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml",
			"name": "GLSA-201406-19",
			"refsource": "GENTOO",
			"tags": [
				"Third Party Advisory"
			]
		},
		{
			"url": "http://marc.info/?l=bugtraq&m=143039468003789&w=2",
			"name": "SSRT102035",
			"refsource": "HP",
			"tags": [
				"Issue Tracking",
				"Third Party Advisory"
			]
		},
		{
			"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
			"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
			"refsource": "CONFIRM",
			"tags": [
				"Third Party Advisory"
			]
		},
		{
			"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
			"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
			"refsource": "CONFIRM",
			"tags": [
				"Third Party Advisory"
			]
		},
		{
			"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935",
			"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935",
			"refsource": "CONFIRM",
			"tags": [
				"Third Party Advisory"
			]
		},
		{
			"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
			"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
			"refsource": "CONFIRM",
			"tags": [
				"Third Party Advisory"
			]
		},
		{
			"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888",
			"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888",
			"refsource": "CONFIRM",
			"tags": [
				"Third Party Advisory"
			]
		},
		{
			"url": "http://www.securityfocus.com/bid/58796",
			"name": "58796",
			"refsource": "BID",
			"tags": [
				"Third Party Advisory",
				"VDB Entry"
			]
		},
		{
			"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
			"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
			"refsource": "CONFIRM",
			"tags": [
				"Third Party Advisory"
			]
		},
		{
			"url": "https://security.gentoo.org/glsa/201504-01",
			"name": "GLSA-201504-01",
			"refsource": "GENTOO",
			"tags": [
				"Third Party Advisory"
			]
		},
		{
			"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
			"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
			"refsource": "CONFIRM",
			"tags": [
				"Third Party Advisory"
			]
		},
		{
			"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
			"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
			"refsource": "CONFIRM",
			"tags": [
				"Third Party Advisory"
			]
		}
	],
	"impact": {
		"baseMetricV3": {
			"cvssV3": {
				"version": "3.0",
				"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
				"attackVector": "NETWORK",
				"attackComplexity": "HIGH",
				"privilegesRequired": "NONE",
				"userInteraction": "NONE",
				"scope": "UNCHANGED",
				"confidentialityImpact": "HIGH",
				"integrityImpact": "NONE",
				"availabilityImpact": "NONE",
				"baseScore": 5.9,
				"baseSeverity": "MEDIUM"
			},
			"exploitabilityScore": 2.2,
			"impactScore": 3.6
		},
		"baseMetricV2": {
			"cvssV2": {
				"version": "2.0",
				"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
				"accessVector": "NETWORK",
				"accessComplexity": "MEDIUM",
				"authentication": "NONE",
				"confidentialityImpact": "PARTIAL",
				"integrityImpact": "NONE",
				"availabilityImpact": "NONE",
				"baseScore": 4.3
			},
			"severity": "MEDIUM",
			"exploitabilityScore": 8.6,
			"impactScore": 2.9,
			"obtainAllPrivilege": false,
			"obtainUserPrivilege": false,
			"obtainOtherPrivilege": false,
			"userInteractionRequired": false
		}
	},
	"problem_type": "CWE-326"
}