The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N
Vendors Products
Fujitsu
  • M10-4 Firmware
  • Sparc Enterprise M3000 Firmware
  • Sparc Enterprise M4000
  • M10-4s
  • Sparc Enterprise M9000 Firmware
  • Sparc Enterprise M9000
  • M10-4
  • M10-4s Firmware
  • Sparc Enterprise M8000
  • Sparc Enterprise M5000
  • Sparc Enterprise M5000 Firmware
  • Sparc Enterprise M8000 Firmware
  • M10-1 Firmware
  • M10-1
  • Sparc Enterprise M3000
  • Sparc Enterprise M4000 Firmware
Mozilla
  • Firefox
  • Seamonkey
  • Thunderbird Esr
  • Thunderbird
  • Firefox Esr
Oracle
  • Http Server
  • Integrated Lights Out Manager Firmware
  • Communications Application Session Controller
Canonical
  • Ubuntu Linux

Configuration 1 [-]

OR cpe:2.3:a:oracle:communications_application_session_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:11.1.1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:12.2.1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:12.2.1.2.0:*:*:*:*:*:*:*
cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:fujitsu:sparc_enterprise_m3000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:sparc_enterprise_m3000:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:fujitsu:sparc_enterprise_m4000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:sparc_enterprise_m4000:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:fujitsu:sparc_enterprise_m5000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:sparc_enterprise_m5000:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:fujitsu:sparc_enterprise_m8000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:sparc_enterprise_m8000:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:fujitsu:sparc_enterprise_m9000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:sparc_enterprise_m9000:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*

Configuration 10 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*

Configuration 11 [-]

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*
References
Link Resource
http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html Third Party Advisory
http://cr.yp.to/talks/2013.03.12/slides.pdf Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 Third Party Advisory
http://marc.info/?l=bugtraq&m=143039468003789&w=2 Issue Tracking Third Party Advisory
http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4 Third Party Advisory
http://security.gentoo.org/glsa/glsa-201406-19.xml Third Party Advisory
http://www.isg.rhul.ac.uk/tls/ Third Party Advisory
http://www.mozilla.org/security/announce/2013/mfsa2013-103.html Third Party Advisory
http://www.opera.com/docs/changelogs/unified/1215/ Third Party Advisory
http://www.opera.com/security/advisory/1046 Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html Third Party Advisory
http://www.securityfocus.com/bid/58796 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2031-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-2032-1 Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935 Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888 Third Party Advisory
https://security.gentoo.org/glsa/201504-01 Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2013-03-14T22:00:00

Updated: 2018-01-18T01:57:01

Reserved: 2013-03-14T00:00:00

Link: CVE-2013-2566

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2013-03-15T21:55:01.047

Modified: 2020-11-23T19:48:41.097

Link: CVE-2013-2566

JSON object: View

cve-icon Redhat Information

No data.

CWE