CVE-2013-2566
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
Published at
2013-03-15T21:55Z
4083 days ago
Modified
2020-11-23T19:48Z
1273 days ago
CWE-326
Problem type
Impact
- CVSS v3 vector string
- CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Severity Score Vector
5.9CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NReferences
GET https://vulnerabilitydata.com/api/details/CVE-2013-2566
{ "id": "CVE-2013-2566", "published_date": "2013-03-15T21:55Z", "last_modified_date": "2020-11-23T19:48Z", "assigner": "cve@mitre.org", "description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.", "references": [ { "url": "http://www.isg.rhul.ac.uk/tls/", "name": "http://www.isg.rhul.ac.uk/tls/", "refsource": "MISC", "tags": [ "Third Party Advisory" ] }, { "url": "http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html", "name": "http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html", "refsource": "MISC", "tags": [ "Third Party Advisory" ] }, { "url": "http://cr.yp.to/talks/2013.03.12/slides.pdf", "name": "http://cr.yp.to/talks/2013.03.12/slides.pdf", "refsource": "MISC", "tags": [ "Third Party Advisory" ] }, { "url": "http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4", "name": "http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.opera.com/security/advisory/1046", "name": "http://www.opera.com/security/advisory/1046", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.opera.com/docs/changelogs/unified/1215/", "name": "http://www.opera.com/docs/changelogs/unified/1215/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html", "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.ubuntu.com/usn/USN-2031-1", "name": "USN-2031-1", "refsource": "UBUNTU", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.ubuntu.com/usn/USN-2032-1", "name": "USN-2032-1", "refsource": "UBUNTU", "tags": [ "Third Party Advisory" ] }, { "url": "http://security.gentoo.org/glsa/glsa-201406-19.xml", "name": "GLSA-201406-19", "refsource": "GENTOO", "tags": [ "Third Party Advisory" ] }, { "url": "http://marc.info/?l=bugtraq&m=143039468003789&w=2", "name": "SSRT102035", "refsource": "HP", "tags": [ "Issue Tracking", "Third Party Advisory" ] }, { "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ] }, { "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ] }, { "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.securityfocus.com/bid/58796", "name": "58796", "refsource": "BID", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ] }, { "url": "https://security.gentoo.org/glsa/201504-01", "name": "GLSA-201504-01", "refsource": "GENTOO", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ] } ], "impact": { "baseMetricV3": { "cvssV3": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.2, "impactScore": 3.6 }, "baseMetricV2": { "cvssV2": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3 }, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } }, "problem_type": "CWE-326" }