Medium severity5.9NVD Advisory· Published Mar 15, 2013· Updated Apr 29, 2026

CVE-2013-2566

Description

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

Affected products

Mozilla Corporation/Firefox
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Range: <17.0.11
Mozilla Corporation/Seamonkey
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Range: <2.22.1
Mozilla Corporation/Thunderbird
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Range: <24.1.1
Mozilla Corporation/Thunderbird Esr
cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*
Range: <17.0.11
Oracle Corporation/Communications Application Session Controller
cpe:2.3:a:oracle:communications_application_session_controller:*:*:*:*:*:*:*:*
Range: >=3.0.0,<=3.9.1
Oracle Corporation/Http Server5 versions
cpe:2.3:a:oracle:http_server:11.1.1.7.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:oracle:http_server:11.1.1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:http_server:11.1.1.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:http_server:12.1.3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:http_server:12.2.1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:http_server:12.2.1.2.0:*:*:*:*:*:*:*
Canonical (company)/Ubuntu Linux4 versions
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
Fujitsu/M10 1 Firmware
cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*
Range: >=xcp,<xcp2280
Fujitsu/M10 4 Firmware
cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*
Range: >=xcp,<xcp2280
Fujitsu/M10 4s Firmware
cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*
Range: >=xcp,<xcp2280
Fujitsu/Sparc Enterprise M3000 Firmware
cpe:2.3:o:fujitsu:sparc_enterprise_m3000_firmware:*:*:*:*:*:*:*:*
Range: >=xcp,<xcp_1121
Fujitsu/Sparc Enterprise M4000 Firmware
cpe:2.3:o:fujitsu:sparc_enterprise_m4000_firmware:*:*:*:*:*:*:*:*
Range: >=xcp,<xcp_1121
Fujitsu/Sparc Enterprise M5000 Firmware
cpe:2.3:o:fujitsu:sparc_enterprise_m5000_firmware:*:*:*:*:*:*:*:*
Range: >=xcp,<xcp_1121
Fujitsu/Sparc Enterprise M8000 Firmware
cpe:2.3:o:fujitsu:sparc_enterprise_m8000_firmware:*:*:*:*:*:*:*:*
Range: >=xcp,<xcp_1121
Fujitsu/Sparc Enterprise M9000 Firmware
cpe:2.3:o:fujitsu:sparc_enterprise_m9000_firmware:*:*:*:*:*:*:*:*
Range: >=xcp,<xcp_1121
Oracle Corporation/Integrated Lights Out Manager Firmware
cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:*:*:*:*:*:*:*:*
Range: >=3.0.0,<=3.2.11

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.htmlnvdThird Party Advisory
cr.yp.to/talks/2013.03.12/slides.pdfnvdThird Party Advisory
kb.juniper.net/InfoCenter/indexnvdThird Party Advisory
marc.infonvdIssue TrackingThird Party Advisory
my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4nvdThird Party Advisory
security.gentoo.org/glsa/glsa-201406-19.xmlnvdThird Party Advisory
www.isg.rhul.ac.uk/tls/nvdThird Party Advisory
www.mozilla.org/security/announce/2013/mfsa2013-103.htmlnvdThird Party Advisory
www.opera.com/docs/changelogs/unified/1215/nvdThird Party Advisory
www.opera.com/security/advisory/1046nvdThird Party Advisory
www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.htmlnvdThird Party Advisory
www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlnvdThird Party Advisory
www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlnvdThird Party Advisory
www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlnvdThird Party Advisory
www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlnvdThird Party Advisory
www.securityfocus.com/bid/58796nvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-2031-1nvdThird Party Advisory
www.ubuntu.com/usn/USN-2032-1nvdThird Party Advisory
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvdThird Party Advisory
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvdThird Party Advisory
security.gentoo.org/glsa/201504-01nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.384
epss	0.073
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000