SOL14638 - TLS/SSL RC4 vulnerability CVE-2013-2566

2013-08-2700:00:00

support.f5.com

1359

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

74.5%

JSON

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. (CVE-2013-2566)

CPENameOperatorVersion
big-iq securityle4.5.0
big-ip apmle11.5.3
big-ip ltmle9.6.1
big-ip edge gatewayle11.3.0
big-ip webacceleratorle9.4.8
big-ip analyticsle11.5.3
big-ip link controllerle9.4.8
enterprise managerle3.1.1
big-ip womle11.3.0
big-ip psmle9.4.8

Name	Operator	Version
big-iq security	le	4.5.0
big-ip apm	le	11.5.3
big-ip ltm	le	9.6.1
big-ip edge gateway	le	11.3.0
big-ip webaccelerator	le	9.4.8
big-ip analytics	le	11.5.3
big-ip link controller	le	9.4.8
enterprise manager	le	3.1.1
big-ip wom	le	11.3.0
big-ip psm	le	9.4.8