Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2013-2566
HistoryMar 15, 2013 - 12:00 a.m.

CVE-2013-2566

2013-03-1500:00:00
ubuntu.com
ubuntu.com
48

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.9%

JSON

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many
single-byte biases, which makes it easier for remote attackers to conduct
plaintext-recovery attacks via statistical analysis of ciphertext in a
large number of sessions that use the same plaintext.

Notes

Author Note
jdstrand this is a protocol problem not specific to openssl. Using openssl as a placeholder until more information is available marking low for now until more information is available. At present, naive attacks need tens to hundreds of millions of TLS connections. Optimized attacks are not present yet. marking deferred since there is no consensus on what to do (we can’t just disable RC4)
mdeslaur marking as ignored since there is no actionable item
OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchfirefox< 25.0.1+build1-0ubuntu0.12.04.1UNKNOWN
ubuntu12.10noarchfirefox< 25.0.1+build1-0ubuntu0.12.10.1UNKNOWN
ubuntu13.04noarchfirefox< 25.0.1+build1-0ubuntu0.13.04.1UNKNOWN
ubuntu13.10noarchfirefox< 25.0.1+build1-0ubuntu0.13.10.1UNKNOWN
ubuntu12.04noarchthunderbird< 1:24.1.1+build1-0ubuntu0.12.04.1UNKNOWN
ubuntu12.10noarchthunderbird< 1:24.1.1+build1-0ubuntu0.12.10.1UNKNOWN
ubuntu13.04noarchthunderbird< 1:24.1.1+build1-0ubuntu0.13.04.1UNKNOWN
ubuntu13.10noarchthunderbird< 1:24.1.1+build1-0ubuntu0.13.10.1UNKNOWN

Related

f5 2
nessus 8
prion 1
ibm 2
cve 1
checkpoint_advisories 1
openvas 9
threatpost 1
ubuntu 2
securityvulns 1
mageia 1
mozilla 1
ics 2
metasploit 1
gentoo 2
oracle 6
f5
f5
K14638 : TLS/SSL RC4 vulnerability CVE-2013-2566
2015-03-30 00:00:00
SOL14638 - TLS/SSL RC4 vulnerability CVE-2013-2566
2013-08-27 00:00:00
nessus
nessus
F5 Networks BIG-IP : TLS/SSL RC4 vulnerability (K14638)
2014-10-10 00:00:00
SSL/TLS Services Support RC4 (PCI DSS)
2018-01-29 00:00:00
SSL RC4 Cipher Suites Supported (Bar Mitzvah)
2013-04-05 00:00:00
prion
prion
Code injection
2013-03-15 21:55:00
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSL affect Proventia Network Active Bypass (CVE-2013-2566)
2018-06-16 21:24:40
Security Bulletin: Multiple vulnerabilities affect IBM Security SiteProtector Appliance (CVE-2013-2566, CVE-2014-6321, CVE-2015-0162)
2018-06-16 21:23:20
cve
cve
CVE-2013-2566
2013-03-15 21:55:00
checkpoint_advisories
checkpoint_advisories
Weak SSL RC4 Cipher Suites (CVE-2013-2566; CVE-2015-2808)
2015-05-17 00:00:00
openvas
openvas
HPE Network Products Multiple Remote Vulnerabilities
2016-11-25 00:00:00
SSL/TLS: Report Weak Cipher Suites
2012-03-01 00:00:00
Ubuntu Update for thunderbird USN-2032-1
2013-11-26 00:00:00
threatpost
threatpost
5 Steps to Securing Your Network Perimeter
2021-09-27 20:29:43
ubuntu
ubuntu
Firefox vulnerabilities
2013-11-20 00:00:00
Thunderbird vulnerabilities
2013-11-21 00:00:00
securityvulns
securityvulns
Mozilla nss security vulnerabilities
2013-11-26 00:00:00
mageia
mageia
Updated firefox, rootcerts, nspr & nss packages fix security vulnerabilities
2013-11-21 00:54:49
mozilla
mozilla
Miscellaneous Network Security Services (NSS) vulnerabilities — Mozilla
2013-11-15 00:00:00
ics
ics
Mitsubishi Electric Air Conditioning Systems
2022-06-20 12:00:00
GE UR family
2021-03-16 12:00:00
metasploit
metasploit
SSL/TLS Version Detection
2022-11-01 03:42:40
gentoo
gentoo
Mozilla Network Security Service: Multiple vulnerabilities
2014-06-21 00:00:00
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2016
2016-04-19 00:00:00
Oracle Critical Patch Update - July 2016
2016-07-19 00:00:00
Oracle Critical Patch Update - January 2018
2018-01-16 00:00:00

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.9%

JSON
Related for UB:CVE-2013-2566
f52nessus8prion1ibm2cve1checkpoint_advisories1openvas9threatpost1ubuntu2securityvulns1mageia1mozilla1ics2metasploit1gentoo2oracle6