// For flags

CVE-2013-2566

 

Severity Score

5.9
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

El algoritmo RC4, tal como se usa en el protocolo TLS y protocolo SSL, tiene muchos "single-byte biases", lo que hace que sea más fácil para atacantes remotos realizar ataques de recuperación de texto claro a través de análisis estadístico de texto cifrado en un gran número de sesiones que utilizan el mismo texto claro.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2013-03-14 CVE Reserved
  • 2013-03-14 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-10-12 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-326: Inadequate Encryption Strength
CAPEC
References (21)
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Fujitsu
Search vendor "Fujitsu"
Sparc Enterprise M3000 Firmware
Search vendor "Fujitsu" for product "Sparc Enterprise M3000 Firmware"
>= xcp < xcp_1121
Search vendor "Fujitsu" for product "Sparc Enterprise M3000 Firmware" and version " >= xcp < xcp_1121"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
Sparc Enterprise M3000
Search vendor "Fujitsu" for product "Sparc Enterprise M3000"
--
Safe
Fujitsu
Search vendor "Fujitsu"
Sparc Enterprise M4000 Firmware
Search vendor "Fujitsu" for product "Sparc Enterprise M4000 Firmware"
>= xcp < xcp_1121
Search vendor "Fujitsu" for product "Sparc Enterprise M4000 Firmware" and version " >= xcp < xcp_1121"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
Sparc Enterprise M4000
Search vendor "Fujitsu" for product "Sparc Enterprise M4000"
--
Safe
Fujitsu
Search vendor "Fujitsu"
Sparc Enterprise M5000 Firmware
Search vendor "Fujitsu" for product "Sparc Enterprise M5000 Firmware"
>= xcp < xcp_1121
Search vendor "Fujitsu" for product "Sparc Enterprise M5000 Firmware" and version " >= xcp < xcp_1121"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
Sparc Enterprise M5000
Search vendor "Fujitsu" for product "Sparc Enterprise M5000"
--
Safe
Fujitsu
Search vendor "Fujitsu"
Sparc Enterprise M8000 Firmware
Search vendor "Fujitsu" for product "Sparc Enterprise M8000 Firmware"
>= xcp < xcp_1121
Search vendor "Fujitsu" for product "Sparc Enterprise M8000 Firmware" and version " >= xcp < xcp_1121"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
Sparc Enterprise M8000
Search vendor "Fujitsu" for product "Sparc Enterprise M8000"
--
Safe
Fujitsu
Search vendor "Fujitsu"
Sparc Enterprise M9000 Firmware
Search vendor "Fujitsu" for product "Sparc Enterprise M9000 Firmware"
>= xcp < xcp_1121
Search vendor "Fujitsu" for product "Sparc Enterprise M9000 Firmware" and version " >= xcp < xcp_1121"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
Sparc Enterprise M9000
Search vendor "Fujitsu" for product "Sparc Enterprise M9000"
--
Safe
Fujitsu
Search vendor "Fujitsu"
M10-1 Firmware
Search vendor "Fujitsu" for product "M10-1 Firmware"
>= xcp < xcp2280
Search vendor "Fujitsu" for product "M10-1 Firmware" and version " >= xcp < xcp2280"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
M10-1
Search vendor "Fujitsu" for product "M10-1"
--
Safe
Fujitsu
Search vendor "Fujitsu"
M10-4 Firmware
Search vendor "Fujitsu" for product "M10-4 Firmware"
>= xcp < xcp2280
Search vendor "Fujitsu" for product "M10-4 Firmware" and version " >= xcp < xcp2280"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
M10-4
Search vendor "Fujitsu" for product "M10-4"
--
Safe
Fujitsu
Search vendor "Fujitsu"
M10-4s Firmware
Search vendor "Fujitsu" for product "M10-4s Firmware"
>= xcp < xcp2280
Search vendor "Fujitsu" for product "M10-4s Firmware" and version " >= xcp < xcp2280"
-
Affected
in Fujitsu
Search vendor "Fujitsu"
M10-4s
Search vendor "Fujitsu" for product "M10-4s"
--
Safe
Oracle
Search vendor "Oracle"
Communications Application Session Controller
Search vendor "Oracle" for product "Communications Application Session Controller"
>= 3.0.0 <= 3.9.1
Search vendor "Oracle" for product "Communications Application Session Controller" and version " >= 3.0.0 <= 3.9.1"
-
Affected
Oracle
Search vendor "Oracle"
Http Server
Search vendor "Oracle" for product "Http Server"
11.1.1.7.0
Search vendor "Oracle" for product "Http Server" and version "11.1.1.7.0"
-
Affected
Oracle
Search vendor "Oracle"
Http Server
Search vendor "Oracle" for product "Http Server"
11.1.1.9.0
Search vendor "Oracle" for product "Http Server" and version "11.1.1.9.0"
-
Affected
Oracle
Search vendor "Oracle"
Http Server
Search vendor "Oracle" for product "Http Server"
12.1.3.0.0
Search vendor "Oracle" for product "Http Server" and version "12.1.3.0.0"
-
Affected
Oracle
Search vendor "Oracle"
Http Server
Search vendor "Oracle" for product "Http Server"
12.2.1.1.0
Search vendor "Oracle" for product "Http Server" and version "12.2.1.1.0"
-
Affected
Oracle
Search vendor "Oracle"
Http Server
Search vendor "Oracle" for product "Http Server"
12.2.1.2.0
Search vendor "Oracle" for product "Http Server" and version "12.2.1.2.0"
-
Affected
Oracle
Search vendor "Oracle"
Integrated Lights Out Manager Firmware
Search vendor "Oracle" for product "Integrated Lights Out Manager Firmware"
>= 3.0.0 <= 3.2.11
Search vendor "Oracle" for product "Integrated Lights Out Manager Firmware" and version " >= 3.0.0 <= 3.2.11"
-
Affected
Oracle
Search vendor "Oracle"
Integrated Lights Out Manager Firmware
Search vendor "Oracle" for product "Integrated Lights Out Manager Firmware"
>= 4.0.0 <= 4.0.4
Search vendor "Oracle" for product "Integrated Lights Out Manager Firmware" and version " >= 4.0.0 <= 4.0.4"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
12.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"
esm
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
12.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "12.10"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
13.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "13.04"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
13.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "13.10"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
< 25.0.1
Search vendor "Mozilla" for product "Firefox" and version " < 25.0.1"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox Esr
Search vendor "Mozilla" for product "Firefox Esr"
< 17.0.11
Search vendor "Mozilla" for product "Firefox Esr" and version " < 17.0.11"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox Esr
Search vendor "Mozilla" for product "Firefox Esr"
>= 24.1.0 < 24.1.1
Search vendor "Mozilla" for product "Firefox Esr" and version " >= 24.1.0 < 24.1.1"
-
Affected
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
< 2.22.1
Search vendor "Mozilla" for product "Seamonkey" and version " < 2.22.1"
-
Affected
Mozilla
Search vendor "Mozilla"
Thunderbird
Search vendor "Mozilla" for product "Thunderbird"
< 24.1.1
Search vendor "Mozilla" for product "Thunderbird" and version " < 24.1.1"
-
Affected
Mozilla
Search vendor "Mozilla"
Thunderbird Esr
Search vendor "Mozilla" for product "Thunderbird Esr"
< 17.0.11
Search vendor "Mozilla" for product "Thunderbird Esr" and version " < 17.0.11"
-
Affected