CVE-2013-2566

Impact:
Moderate
Public Date:
2013-03-15
Bugzilla:
921947: CVE-2013-2566 SSL/TLS: Attack against RC4 stream cipher

The MITRE CVE dictionary describes this issue as:

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

Find out more about CVE-2013-2566 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This flaw is related to the design of the RC4 protocol and not its implementation. More details and a possible work around is mentioned in https://bugzilla.redhat.com/show_bug.cgi?id=921947#c8. Therefore there are no plans to correct this issue in Red Hat Enterprise Linux 5 and 6.

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score 4.3
Base Metrics AV:N/AC:M/Au:N/C:P/I:N/A:N
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 6 openssl Will not fix
Red Hat Enterprise Linux 6 gnutls Will not fix
Red Hat Enterprise Linux 6 nss Will not fix
Red Hat Enterprise Linux 5 openssl Will not fix
Red Hat Enterprise Linux 5 nss Will not fix
Red Hat Enterprise Linux 5 gnutls Will not fix

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.