This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
The vulnerability is in the protocols and the vulnerable configurations contain a non-exhaustive list of products which likely use the protocols described in this vulnerability.
CVSS 3.x Severity and Metrics:
CVSS 2.0 Severity and Metrics: