User Interaction: None
Privileges Required: None
Attack Vector: Network

CVE-2013-2566

Disclosure Date: March 15, 2013

Description

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

CVSS V3 Severity and Metrics

Base Score: 5.9 Medium
Impact Score: 3.6
Exploitability Score: 2.2
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): None
Availability (A): None

General Information

Vendors

  • canonical
  • fujitsu
  • mozilla
  • oracle

Products

  • communications application session controller
  • firefox
  • firefox esr
  • http server 11.1.1.7.0
  • http server 11.1.1.9.0
  • http server 12.1.3.0.0
  • http server 12.2.1.1.0
  • http server 12.2.1.2.0
  • integrated lights out manager firmware
  • m10-1 firmware
  • m10-4 firmware
  • m10-4s firmware
  • seamonkey
  • sparc enterprise m3000 firmware
  • sparc enterprise m4000 firmware
  • sparc enterprise m5000 firmware
  • sparc enterprise m8000 firmware
  • sparc enterprise m9000 firmware
  • thunderbird
  • thunderbird esr
  • ubuntu linux 12.04
  • ubuntu linux 12.10
  • ubuntu linux 13.04
  • ubuntu linux 13.10
