How to remediate CVE-2013-2566 related to "SSH RC4 Cipher" ?


Hello there,

Our security team did vulnerability scan on server running Splunk v6.1.3 and asked us to remediate CVE-2013-2566 vulnerability. The description they gave us is below:

SSH RC4 Cipher Enabled
The arcfour cipher is considered to be flawed.
Disable the arcfour cipher.

We checked with OS Vendor and they have given below solution. The issue is I am not sure where to apply the changes. I have checked files having RC4 but there are many..

-Find the applications which has been configured to use TLS/SSL on server, make the suggested changes in application configuration file as suggested in Workaround 1 or Workaround 2.
o For example, if httpd is running with SSL, then make the suggested changes in /etc/httpd/conf.d/ssl.conf

*Workaround 1: Use Stronger ciphers
SSLCipherSuite HIGH:!aNULL:!MD5

*Workaround 2: Change the CipherOrder so that RC4 will be the least preferred
SSLHonorCipherOrder On

Can someone please advise on the same?


0 Karma

Splunk Employee
Splunk Employee

This is already resolved in latest version of splunk 6.5.3

0 Karma
Get Updates on the Splunk Community!

Understanding Generative AI Techniques and Their Application in Cybersecurity

Watch On-Demand Artificial intelligence is the talk of the town nowadays, with industries of all kinds ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Using the Splunk Threat Research Team’s Latest Security Content

REGISTER HERE Tech Talk | Security Edition Did you know the Splunk Threat Research Team regularly releases ...