Lucene search
Ubuntu.comUB:CVE-2013-2566HistoryMar 15, 2013 - 12:00 a.m.
CVE-2013-2566
2013-03-1500:00:00
ubuntu.com
ubuntu.com
53
0.005 Low
EPSS
Percentile
77.1%
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many
single-byte biases, which makes it easier for remote attackers to conduct
plaintext-recovery attacks via statistical analysis of ciphertext in a
large number of sessions that use the same plaintext.
Notes
| Author | Note |
|---|---|
| jdstrand | this is a protocol problem not specific to openssl. Using openssl as a placeholder until more information is available marking low for now until more information is available. At present, naive attacks need tens to hundreds of millions of TLS connections. Optimized attacks are not present yet. marking deferred since there is no consensus on what to do (we can’t just disable RC4) |
| mdeslaur | marking as ignored since there is no actionable item |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 12.04 | noarch | firefox | < 25.0.1+build1-0ubuntu0.12.04.1 | UNKNOWN |
| ubuntu | 12.10 | noarch | firefox | < 25.0.1+build1-0ubuntu0.12.10.1 | UNKNOWN |
| ubuntu | 13.04 | noarch | firefox | < 25.0.1+build1-0ubuntu0.13.04.1 | UNKNOWN |
| ubuntu | 13.10 | noarch | firefox | < 25.0.1+build1-0ubuntu0.13.10.1 | UNKNOWN |
| ubuntu | 12.04 | noarch | thunderbird | < 1:24.1.1+build1-0ubuntu0.12.04.1 | UNKNOWN |
| ubuntu | 12.10 | noarch | thunderbird | < 1:24.1.1+build1-0ubuntu0.12.10.1 | UNKNOWN |
| ubuntu | 13.04 | noarch | thunderbird | < 1:24.1.1+build1-0ubuntu0.13.04.1 | UNKNOWN |
| ubuntu | 13.10 | noarch | thunderbird | < 1:24.1.1+build1-0ubuntu0.13.10.1 | UNKNOWN |
References
blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html
cr.yp.to/talks/2013.03.12/slides.pdf
www.isg.rhul.ac.uk/tls/
www.mozilla.org/security/announce/2013/mfsa2013-103.html
launchpad.net/bugs/cve/CVE-2013-2566
nvd.nist.gov/vuln/detail/CVE-2013-2566
security-tracker.debian.org/tracker/CVE-2013-2566
ubuntu.com/security/notices/USN-2031-1
ubuntu.com/security/notices/USN-2032-1
www.cve.org/CVERecord?id=CVE-2013-2566
Related
f5
f5
K14638 : TLS/SSL RC4 vulnerability CVE-2013-2566
2015-03-30 00:00:00
SOL14638 - TLS/SSL RC4 vulnerability CVE-2013-2566
2013-08-27 00:00:00
nessus
nessus
F5 Networks BIG-IP : TLS/SSL RC4 vulnerability (K14638)
2014-10-10 00:00:00
SSL/TLS Services Support RC4 (PCI DSS)
2018-01-29 00:00:00
SSL RC4 Cipher Suites Supported (Bar Mitzvah)
2013-04-05 00:00:00
prion
prion
Code injection
2013-03-15 21:55:00
cvelist
cvelist
CVE-2013-2566
2013-03-14 22:00:00
ibm
ibm
cve
cve
CVE-2013-2566
2013-03-15 21:55:01
checkpoint_advisories
checkpoint_advisories
Weak SSL RC4 Cipher Suites (CVE-2013-2566; CVE-2015-2808)
2015-05-17 00:00:00
openvas
openvas
SSL/TLS: Report Weak Cipher Suites
2012-03-01 00:00:00
HPE Network Products Multiple Remote Vulnerabilities
2016-11-25 00:00:00
Ubuntu: Security Advisory (USN-2032-1)
2013-11-26 00:00:00
threatpost
threatpost
5 Steps to Securing Your Network Perimeter
2021-09-27 20:29:43
ubuntu
ubuntu
Firefox vulnerabilities
2013-11-20 00:00:00
Thunderbird vulnerabilities
2013-11-21 00:00:00
securityvulns
securityvulns
Mozilla nss security vulnerabilities
2013-11-26 00:00:00
mageia
mageia
Updated firefox, rootcerts, nspr & nss packages fix security vulnerabilities
2013-11-21 00:54:49
ics
ics
Mitsubishi Electric Air Conditioning Systems
2022-06-20 12:00:00
GE UR family
2021-03-16 12:00:00
mozilla
mozilla
Miscellaneous Network Security Services (NSS) vulnerabilities — Mozilla
2013-11-15 00:00:00
metasploit
metasploit
SSL/TLS Version Detection
2022-11-01 03:42:40
gentoo
gentoo
Mozilla Network Security Service: Multiple vulnerabilities
2014-06-21 00:00:00
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2016
2016-04-19 00:00:00
Oracle Critical Patch Update - July 2016
2016-07-19 00:00:00
Oracle Critical Patch Update - January 2018
2018-01-16 00:00:00