CVE-2013-2566

CWE-326 | 7 documents | 6 sources
Severity: 5.9 MEDIUM
EPSS: 90.8% (top 0.38%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 15 | Latest update May 13

Description

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 | Impact: 3.6

Affected Packages (15 packages)

NVD | mozilla/firefox | 24.1.0, 24.1.1, +2
NVD | mozilla/seamonkey | < 2.22.1
NVD | mozilla/thunderbird | < 24.1.1
NVD | fujitsu/m10-1_firmware | xcpxcp2280
NVD | fujitsu/m10-4_firmware | xcpxcp2280

Also affects: Ubuntu Linux 12.04, 12.10, 13.04, 13.10

🔴 Vulnerability Details (2)

GHSA | GHSA-f67x-vqh9-8p43: The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct pl | 2022-05-13
CVEList | CVE-2013-2566: The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct pl | 2013-03-14

📋 Vendor Advisories (3)

Ubuntu | Thunderbird vulnerabilities | 2013-11-21
Ubuntu | Firefox vulnerabilities | 2013-11-20
Red Hat | SSL/TLS: Attack against RC4 stream cipher | 2013-03-15

💬 Community (1)

Bugzilla | CVE-2013-2566 SSL/TLS: Attack against RC4 stream cipher | 2013-03-15
CVE-2013-2566 (MEDIUM CVSS 5.9) | The RC4 algorithm | cvebase.io