CVE-2013-2566

 

Published at: - 15-03-2013 10:55

Last modified: - 24-09-2022 03:03

Total changes: - 2

Description

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

Common Vulnerability Scoring System (CVSS)

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

 

Verification logic

 

Reference

• http://www.isg.rhul.ac.uk/tls/
• http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html
• http://cr.yp.to/talks/2013.03.12/slides.pdf
• http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4
• http://www.opera.com/security/advisory/1046
• http://www.opera.com/docs/changelogs/unified/1215/
• http://www.mozilla.org/security/announce/2013/mfsa2013-103.html
• USN-2031-1-Third Party Advisory
• USN-2032-1-Third Party Advisory
• GLSA-201406-19-Third Party Advisory
• SSRT102035-Issue Tracking, Third Party Advisory
• http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888
• 58796-Third Party Advisory, VDB Entry
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
• GLSA-201504-01-Third Party Advisory
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

 

Keywords

NVD

 

CVE-2013-2566

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures