CVE-2013-2566 - Vulnerability Details

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.93163.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Canonical	Ubuntu Linux
Fujitsu	M10-1 M10-1 Firmware M10-4 M10-4 Firmware M10-4s M10-4s Firmware Sparc Enterprise M3000 Sparc Enterprise M3000 Firmware Sparc Enterprise M4000 Sparc Enterprise M4000 Firmware Sparc Enterprise M5000 Sparc Enterprise M5000 Firmware Sparc Enterprise M8000 Sparc Enterprise M8000 Firmware Sparc Enterprise M9000 Sparc Enterprise M9000 Firmware
Mozilla	Firefox Seamonkey Thunderbird Thunderbird Esr
Oracle	Communications Application Session Controller Http Server Integrated Lights Out Manager Firmware

Configuration 1 [-]

OR	cpe:2.3:a:oracle:communications_application_session_controller::::::::
	cpe:2.3:a:oracle:http_server:11.1.1.7.0:::::::*
	cpe:2.3:a:oracle:http_server:11.1.1.9.0:::::::*
	cpe:2.3:a:oracle:http_server:12.1.3.0.0:::::::*
	cpe:2.3:a:oracle:http_server:12.2.1.1.0:::::::*
	cpe:2.3:a:oracle:http_server:12.2.1.2.0:::::::*
	cpe:2.3:o:oracle:integrated_lights_out_manager_firmware::::::::
	cpe:2.3:o:oracle:integrated_lights_out_manager_firmware::::::::

Configuration 2 [-]

AND

cpe:2.3:o:fujitsu:sparc_enterprise_m3000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:sparc_enterprise_m3000:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:fujitsu:sparc_enterprise_m4000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:sparc_enterprise_m4000:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:fujitsu:sparc_enterprise_m5000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:sparc_enterprise_m5000:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:fujitsu:sparc_enterprise_m8000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:sparc_enterprise_m8000:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:fujitsu:sparc_enterprise_m9000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:sparc_enterprise_m9000:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*

Configuration 10 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:13.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:13.10:::::::*

Configuration 11 [-]

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:seamonkey::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::
	cpe:2.3:a:mozilla:thunderbird_esr::::::::

No data.

References

Link	Providers
http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html
http://cr.yp.to/talks/2013.03.12/slides.pdf
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://marc.info/?l=bugtraq&m=143039468003789&w=2
http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4
http://security.gentoo.org/glsa/glsa-201406-19.xml
http://www.isg.rhul.ac.uk/tls/
http://www.mozilla.org/security/announce/2013/mfsa2013-103.html
http://www.opera.com/docs/changelogs/unified/1215/
http://www.opera.com/security/advisory/1046
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.securityfocus.com/bid/58796
http://www.ubuntu.com/usn/USN-2031-1
http://www.ubuntu.com/usn/USN-2032-1
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888
https://nvd.nist.gov/vuln/detail/CVE-2013-2566
https://security.gentoo.org/glsa/201504-01
https://www.cve.org/CVERecord?id=CVE-2013-2566

History

Fri, 22 May 2026 11:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-327
Metrics		cvssV3_1 `{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 21 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:mozilla:firefox_esr::::::::
Vendors & Products	Mozilla firefox Esr

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-03-14T22:00:00.000Z

Updated: 2026-05-22T10:41:19.291Z

Reserved: 2013-03-14T00:00:00.000Z

Link: CVE-2013-2566

Vulnrichment

Updated: 2024-08-06T15:44:32.649Z

NVD

Status : Modified

Published: 2013-03-15T21:55:01.047

Modified: 2026-04-29T01:13:23.040

Link: CVE-2013-2566

Redhat

Severity : Moderate

Publid Date: 2013-03-15T00:00:00Z

Links: CVE-2013-2566 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object