CVE-2015-2808 - Vulnerability Details

- SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher

Description

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

Published: 2015-04-01

Score: 5.0 Medium

EPSS: 30.8% Moderate

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:oracle:communications_application_session_controller::::::::
	cpe:2.3:a:oracle:communications_policy_management::::::::
	cpe:2.3:a:oracle:http_server:11.1.1.7.0:::::::*
	cpe:2.3:a:oracle:http_server:11.1.1.9.0:::::::*
	cpe:2.3:a:oracle:http_server:12.1.3.0.0:::::::*
	cpe:2.3:a:oracle:http_server:12.2.1.1.0:::::::*
	cpe:2.3:a:oracle:http_server:12.2.1.2.0:::::::*
	cpe:2.3:o:oracle:integrated_lights_out_manager_firmware::::::::
	cpe:2.3:o:oracle:integrated_lights_out_manager_firmware::::::::

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:a:redhat:satellite:5.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:6.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Configuration 4 [-]

OR	cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3::::::
	cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4::::::
	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:12:-::::::
	cpe:2.3:o:suse:linux_enterprise_server:10:sp4:::ltss:::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp1:::ltss:::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp2:::ltss:::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::vmware::*
	cpe:2.3:o:suse:linux_enterprise_server:12:-::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-::::::

Configuration 5 [-]

AND

cpe:2.3:a:suse:manager:1.7:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*

Configuration 6 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*

Configuration 7 [-]

AND

cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*

OR	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

Configuration 8 [-]

AND

cpe:2.3:o:fujitsu:sparc_enterprise_m3000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:sparc_enterprise_m3000:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:fujitsu:sparc_enterprise_m4000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:sparc_enterprise_m4000:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:fujitsu:sparc_enterprise_m5000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:sparc_enterprise_m5000:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:fujitsu:sparc_enterprise_m8000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:sparc_enterprise_m8000:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:fujitsu:sparc_enterprise_m9000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:sparc_enterprise_m9000:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:huawei:e6000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:e6000:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:huawei:e9000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:e9000:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:huawei:oceanstor_18500_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_18500:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:huawei:oceanstor_18800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_18800:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:huawei:oceanstor_18800f_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_18800f:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:huawei:oceanstor_9000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_9000:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:huawei:oceanstor_cse_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_cse:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:huawei:oceanstor_hvs85t_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_hvs85t:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:huawei:oceanstor_s2600t_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_s2600t:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:huawei:oceanstor_s5500t_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_s5500t:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:huawei:oceanstor_s5600t_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_s5600t:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:huawei:oceanstor_s5800t_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_s5800t:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:huawei:oceanstor_s6800t_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_s6800t:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:huawei:oceanstor_vis6600t_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_vis6600t:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:huawei:quidway_s9300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:quidway_s9300:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:huawei:s7700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s7700:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:huawei:s7700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s7700:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:huawei:9700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:9700:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:huawei:9700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:9700:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:huawei:s12700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s12700:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:huawei:s12700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s12700:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:huawei:s2700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s2700:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

cpe:2.3:o:huawei:s3700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s3700:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:o:huawei:s5700ei_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s5700ei:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:huawei:s5700hi_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s5700hi:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND

cpe:2.3:o:huawei:s5700si_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s5700si:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND

cpe:2.3:o:huawei:s5710ei_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s5710ei:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND

cpe:2.3:o:huawei:s5710hi_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s5710hi:-:*:*:*:*:*:*:*

Configuration 41 [-]

AND

cpe:2.3:o:huawei:s6700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s6700:-:*:*:*:*:*:*:*

Configuration 42 [-]

AND

cpe:2.3:o:huawei:s2750_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s2750:-:*:*:*:*:*:*:*

Configuration 43 [-]

AND

cpe:2.3:o:huawei:s5700li_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s5700li:-:*:*:*:*:*:*:*

Configuration 44 [-]

AND

cpe:2.3:o:huawei:s5700s-li_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s5700s-li:-:*:*:*:*:*:*:*

Configuration 45 [-]

AND

cpe:2.3:o:huawei:s5720hi_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s5720hi:-:*:*:*:*:*:*:*

Configuration 46 [-]

AND

cpe:2.3:o:huawei:s2750_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s2750:-:*:*:*:*:*:*:*

Configuration 47 [-]

AND

cpe:2.3:o:huawei:s5700li_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s5700li:-:*:*:*:*:*:*:*

Configuration 48 [-]

AND

cpe:2.3:o:huawei:s5700s-li_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s5700s-li:-:*:*:*:*:*:*:*

Configuration 49 [-]

AND

cpe:2.3:o:huawei:s5720hi_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s5720hi:-:*:*:*:*:*:*:*

Configuration 50 [-]

AND

cpe:2.3:o:huawei:s5720ei_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s5720ei:-:*:*:*:*:*:*:*

Configuration 51 [-]

AND

cpe:2.3:o:huawei:te60_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*

Configuration 52 [-]

OR	cpe:2.3:a:huawei:oceanstor_replicationdirector:v100r003c00:::::::*
	cpe:2.3:a:huawei:policy_center:v100r003c00:::::::*
	cpe:2.3:a:huawei:policy_center:v100r003c10:::::::*
	cpe:2.3:a:huawei:smc2.0:v100r002c01:::::::*
	cpe:2.3:a:huawei:smc2.0:v100r002c02:::::::*
	cpe:2.3:a:huawei:smc2.0:v100r002c03:::::::*
	cpe:2.3:a:huawei:smc2.0:v100r002c04:::::::*
	cpe:2.3:a:huawei:ultravr:v100r003c00:::::::*

Configuration 53 [-]

OR	cpe:2.3:a:ibm:cognos_metrics_manager:10.1:::::::*
	cpe:2.3:a:ibm:cognos_metrics_manager:10.1.1:::::::*
	cpe:2.3:a:ibm:cognos_metrics_manager:10.2:::::::*
	cpe:2.3:a:ibm:cognos_metrics_manager:10.2.1:::::::*
	cpe:2.3:a:ibm:cognos_metrics_manager:10.2.2:::::::*

Package	CPE	Advisory	Released Date
Oracle Java for Red Hat Enterprise Linux 5
java-1.7.0-oracle-1:1.7.0.85-1jpp.1.el5_11	cpe:/a:redhat:rhel_extras_oracle_java:5	RHSA-2015:1242	2015-07-17T00:00:00Z
java-1.6.0-sun-1:1.6.0.101-1jpp.1.el5_11	cpe:/a:redhat:rhel_extras_oracle_java:5	RHSA-2015:1243	2015-07-17T00:00:00Z
Oracle Java for Red Hat Enterprise Linux 6
java-1.8.0-oracle-1:1.8.0.51-1jpp.2.el6_6	cpe:/a:redhat:rhel_extras_oracle_java:6	RHSA-2015:1241	2015-07-17T00:00:00Z
java-1.7.0-oracle-1:1.7.0.85-1jpp.2.el6_6	cpe:/a:redhat:rhel_extras_oracle_java:6	RHSA-2015:1242	2015-07-17T00:00:00Z
java-1.6.0-sun-1:1.6.0.101-1jpp.1.el6_6	cpe:/a:redhat:rhel_extras_oracle_java:6	RHSA-2015:1243	2015-07-17T00:00:00Z
Oracle Java for Red Hat Enterprise Linux 7
java-1.8.0-oracle-1:1.8.0.51-1jpp.2.el7_1	cpe:/a:redhat:rhel_extras_oracle_java:7	RHSA-2015:1241	2015-07-17T00:00:00Z
java-1.7.0-oracle-1:1.7.0.85-1jpp.2.el7_1	cpe:/a:redhat:rhel_extras_oracle_java:7	RHSA-2015:1242	2015-07-17T00:00:00Z
java-1.6.0-sun-1:1.6.0.101-1jpp.1.el7_1	cpe:/a:redhat:rhel_extras_oracle_java:7	RHSA-2015:1243	2015-07-17T00:00:00Z
Red Hat Enterprise Linux 5
java-1.7.0-openjdk-1:1.7.0.85-2.6.1.3.el5_11	cpe:/o:redhat:enterprise_linux:5	RHSA-2015:1230	2015-07-15T00:00:00Z
java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el5_11	cpe:/o:redhat:enterprise_linux:5	RHSA-2015:1526	2015-07-30T00:00:00Z
Red Hat Enterprise Linux 5 Supplementary
java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2015:1006	2015-05-13T00:00:00Z
java-1.7.0-ibm-1:1.7.0.9.0-1jpp.1.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2015:1007	2015-05-13T00:00:00Z
java-1.5.0-ibm-1:1.5.0.16.10-1jpp.1.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2015:1021	2015-05-20T00:00:00Z
Red Hat Enterprise Linux 6
java-1.8.0-openjdk-1:1.8.0.51-0.b16.el6_6	cpe:/o:redhat:enterprise_linux:6	RHSA-2015:1228	2015-07-15T00:00:00Z
java-1.7.0-openjdk-1:1.7.0.85-2.6.1.3.el6_6	cpe:/o:redhat:enterprise_linux:6	RHSA-2015:1229	2015-07-15T00:00:00Z
java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el6_7	cpe:/o:redhat:enterprise_linux:6	RHSA-2015:1526	2015-07-30T00:00:00Z
Red Hat Enterprise Linux 7
java-1.8.0-openjdk-1:1.8.0.51-1.b16.ael7b_1	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:1228	2015-07-15T00:00:00Z
java-1.7.0-openjdk-1:1.7.0.85-2.6.1.2.ael7b_1	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:1229	2015-07-15T00:00:00Z
java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el7_1	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:1526	2015-07-30T00:00:00Z
Red Hat Satellite 5.6
java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5	cpe:/a:redhat:network_satellite:5.6::el5	RHSA-2015:1091	2015-06-11T00:00:00Z
Red Hat Satellite 5.7
java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6	cpe:/a:redhat:network_satellite:5.7::el6	RHSA-2015:1091	2015-06-11T00:00:00Z
Supplementary for Red Hat Enterprise Linux 6
java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6	cpe:/a:redhat:rhel_extras:6	RHSA-2015:1006	2015-05-13T00:00:00Z
java-1.7.1-ibm-1:1.7.1.3.0-1jpp.2.el6_6	cpe:/a:redhat:rhel_extras:6	RHSA-2015:1020	2015-05-20T00:00:00Z
java-1.5.0-ibm-1:1.5.0.16.10-1jpp.1.el6_6	cpe:/a:redhat:rhel_extras:6	RHSA-2015:1021	2015-05-20T00:00:00Z
Supplementary for Red Hat Enterprise Linux 7
java-1.7.1-ibm-1:1.7.1.3.0-1jpp.2.ael7b_1	cpe:/a:redhat:rhel_extras:7	RHSA-2015:1020	2015-05-20T00:00:00Z

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-303-1	openjdk-6 security update
Debian DSA	DSA-3316-1	openjdk-7 security update
Debian DSA	DSA-3339-1	openjdk-6 security update
Ubuntu USN	USN-2696-1	OpenJDK 7 vulnerabilities
Ubuntu USN	USN-2706-1	OpenJDK 6 vulnerabilities

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.30832.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html
http://marc.info/?l=bugtraq&m=143456209711959&w=2
http://marc.info/?l=bugtraq&m=143629696317098&w=2
http://marc.info/?l=bugtraq&m=143741441012338&w=2
http://marc.info/?l=bugtraq&m=143817021313142&w=2
http://marc.info/?l=bugtraq&m=143817899717054&w=2
http://marc.info/?l=bugtraq&m=143818140118771&w=2
http://marc.info/?l=bugtraq&m=144043644216842&w=2
http://marc.info/?l=bugtraq&m=144059660127919&w=2
http://marc.info/?l=bugtraq&m=144059703728085&w=2
http://marc.info/?l=bugtraq&m=144060576831314&w=2
http://marc.info/?l=bugtraq&m=144060606031437&w=2
http://marc.info/?l=bugtraq&m=144069189622016&w=2
http://marc.info/?l=bugtraq&m=144102017024820&w=2
http://marc.info/?l=bugtraq&m=144104533800819&w=2
http://marc.info/?l=bugtraq&m=144104565600964&w=2
http://marc.info/?l=bugtraq&m=144493176821532&w=2
http://rhn.redhat.com/errata/RHSA-2015-1006.html
http://rhn.redhat.com/errata/RHSA-2015-1007.html
http://rhn.redhat.com/errata/RHSA-2015-1020.html
http://rhn.redhat.com/errata/RHSA-2015-1021.html
http://rhn.redhat.com/errata/RHSA-2015-1091.html
http://rhn.redhat.com/errata/RHSA-2015-1228.html
http://rhn.redhat.com/errata/RHSA-2015-1229.html
http://rhn.redhat.com/errata/RHSA-2015-1230.html
http://rhn.redhat.com/errata/RHSA-2015-1241.html
http://rhn.redhat.com/errata/RHSA-2015-1242.html
http://rhn.redhat.com/errata/RHSA-2015-1243.html
http://rhn.redhat.com/errata/RHSA-2015-1526.html
http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888
http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892
http://www-01.ibm.com/support/docview.wss?uid=swg21883640
http://www-304.ibm.com/support/docview.wss?uid=swg21903565
http://www-304.ibm.com/support/docview.wss?uid=swg21960015
http://www-304.ibm.com/support/docview.wss?uid=swg21960769
http://www.debian.org/security/2015/dsa-3316
http://www.debian.org/security/2015/dsa-3339
http://www.huawei.com/en/psirt/security-advisories/hw-454055
http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.securityfocus.com/bid/73684
http://www.securityfocus.com/bid/91787
http://www.securitytracker.com/id/1032599
http://www.securitytracker.com/id/1032600
http://www.securitytracker.com/id/1032707
http://www.securitytracker.com/id/1032708
http://www.securitytracker.com/id/1032734
http://www.securitytracker.com/id/1032788
http://www.securitytracker.com/id/1032858
http://www.securitytracker.com/id/1032868
http://www.securitytracker.com/id/1032910
http://www.securitytracker.com/id/1032990
http://www.securitytracker.com/id/1033071
http://www.securitytracker.com/id/1033072
http://www.securitytracker.com/id/1033386
http://www.securitytracker.com/id/1033415
http://www.securitytracker.com/id/1033431
http://www.securitytracker.com/id/1033432
http://www.securitytracker.com/id/1033737
http://www.securitytracker.com/id/1033769
http://www.securitytracker.com/id/1036222
http://www.ubuntu.com/usn/USN-2696-1
http://www.ubuntu.com/usn/USN-2706-1
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888
https://kb.juniper.net/JSA10783
https://kc.mcafee.com/corporate/index?page=content&id=SB10163
https://nvd.nist.gov/vuln/detail/CVE-2015-2808
https://security.gentoo.org/glsa/201512-10
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709
https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf
https://www.cve.org/CVERecord?id=CVE-2015-2808
https://www.secpod.com/blog/cve-2015-2808-bar-mitzvah-attack-in-rc4-2/

History

No history.

Subscriptions

Canonical Ubuntu Linux

Debian Debian Linux

Fujitsu Sparc Enterprise M3000 Sparc Enterprise M3000 Firmware Sparc Enterprise M4000 Sparc Enterprise M4000 Firmware Sparc Enterprise M5000 Sparc Enterprise M5000 Firmware Sparc Enterprise M8000 Sparc Enterprise M8000 Firmware Sparc Enterprise M9000 Sparc Enterprise M9000 Firmware

Huawei 9700 9700 Firmware E6000 E6000 Firmware E9000 E9000 Firmware Oceanstor 18500 Oceanstor 18500 Firmware Oceanstor 18800 Oceanstor 18800 Firmware Oceanstor 18800f Oceanstor 18800f Firmware Oceanstor 9000 Oceanstor 9000 Firmware Oceanstor Cse Oceanstor Cse Firmware Oceanstor Hvs85t Oceanstor Hvs85t Firmware Oceanstor Replicationdirector Oceanstor S2600t Oceanstor S2600t Firmware Oceanstor S5500t Oceanstor S5500t Firmware Oceanstor S5600t Oceanstor S5600t Firmware Oceanstor S5800t Oceanstor S5800t Firmware Oceanstor S6800t Oceanstor S6800t Firmware Oceanstor Vis6600t Oceanstor Vis6600t Firmware Policy Center Quidway S9300 Quidway S9300 Firmware S12700 S12700 Firmware S2700 S2700 Firmware S2750 S2750 Firmware S3700 S3700 Firmware S5700ei S5700ei Firmware S5700hi S5700hi Firmware S5700li S5700li Firmware S5700s-li S5700s-li Firmware S5700si S5700si Firmware S5710ei S5710ei Firmware S5710hi S5710hi Firmware S5720ei S5720ei Firmware S5720hi S5720hi Firmware S6700 S6700 Firmware S7700 S7700 Firmware Smc2.0 Te60 Te60 Firmware Ultravr

Ibm Cognos Metrics Manager

Opensuse Opensuse

Oracle Communications Application Session Controller Communications Policy Management Http Server Integrated Lights Out Manager Firmware

Redhat Enterprise Linux Enterprise Linux Desktop Enterprise Linux Eus Enterprise Linux Server Enterprise Linux Server Aus Enterprise Linux Server Tus Enterprise Linux Workstation Network Satellite Rhel Extras Rhel Extras Oracle Java Satellite

Suse Linux Enterprise Debuginfo Linux Enterprise Desktop Linux Enterprise Server Linux Enterprise Software Development Kit Manager

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-04-01T00:00:00.000Z

Updated: 2024-08-06T05:24:38.828Z

Reserved: 2015-03-31T00:00:00.000Z

Link: CVE-2015-2808

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2015-04-01T02:00:35.097

Modified: 2025-04-12T10:46:40.837

Link: CVE-2015-2808

Redhat

Severity : Moderate

Publid Date: 2015-03-30T00:00:00Z

Links: CVE-2015-2808 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-327

Tracking

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object