Description
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
Published: 2015-04-01
Score: 3.7 Low
EPSS: 23.4% Moderate
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-303-1 openjdk-6 security update
Debian DSA Debian DSA DSA-3316-1 openjdk-7 security update
Debian DSA Debian DSA DSA-3339-1 openjdk-6 security update
Ubuntu USN Ubuntu USN USN-2696-1 OpenJDK 7 vulnerabilities
Ubuntu USN Ubuntu USN USN-2706-1 OpenJDK 6 vulnerabilities
References
Link Providers
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034 cve-icon cve-icon
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 cve-icon cve-icon
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html cve-icon cve-icon
http://marc.info/?l=bugtraq&m=143456209711959&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=143629696317098&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=143741441012338&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=143817021313142&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=143817899717054&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=143818140118771&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=144043644216842&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=144059660127919&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=144059703728085&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=144060576831314&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=144060606031437&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=144069189622016&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=144102017024820&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=144104533800819&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=144104565600964&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=144493176821532&w=2 cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2015-1006.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2015-1007.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2015-1020.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2015-1021.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2015-1091.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2015-1228.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2015-1229.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2015-1230.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2015-1241.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2015-1242.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2015-1243.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2015-1526.html cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg21883640 cve-icon cve-icon
http://www-304.ibm.com/support/docview.wss?uid=swg21903565 cve-icon cve-icon
http://www-304.ibm.com/support/docview.wss?uid=swg21960015 cve-icon cve-icon
http://www-304.ibm.com/support/docview.wss?uid=swg21960769 cve-icon cve-icon
http://www.debian.org/security/2015/dsa-3316 cve-icon cve-icon
http://www.debian.org/security/2015/dsa-3339 cve-icon cve-icon
http://www.huawei.com/en/psirt/security-advisories/hw-454055 cve-icon cve-icon
http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf cve-icon
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html cve-icon cve-icon
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html cve-icon cve-icon
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html cve-icon cve-icon
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html cve-icon cve-icon
http://www.securityfocus.com/bid/73684 cve-icon cve-icon
http://www.securityfocus.com/bid/91787 cve-icon cve-icon
http://www.securitytracker.com/id/1032599 cve-icon cve-icon
http://www.securitytracker.com/id/1032600 cve-icon cve-icon
http://www.securitytracker.com/id/1032707 cve-icon cve-icon
http://www.securitytracker.com/id/1032708 cve-icon cve-icon
http://www.securitytracker.com/id/1032734 cve-icon cve-icon
http://www.securitytracker.com/id/1032788 cve-icon cve-icon
http://www.securitytracker.com/id/1032858 cve-icon cve-icon
http://www.securitytracker.com/id/1032868 cve-icon cve-icon
http://www.securitytracker.com/id/1032910 cve-icon cve-icon
http://www.securitytracker.com/id/1032990 cve-icon cve-icon
http://www.securitytracker.com/id/1033071 cve-icon cve-icon
http://www.securitytracker.com/id/1033072 cve-icon cve-icon
http://www.securitytracker.com/id/1033386 cve-icon cve-icon
http://www.securitytracker.com/id/1033415 cve-icon cve-icon
http://www.securitytracker.com/id/1033431 cve-icon cve-icon
http://www.securitytracker.com/id/1033432 cve-icon cve-icon
http://www.securitytracker.com/id/1033737 cve-icon cve-icon
http://www.securitytracker.com/id/1033769 cve-icon cve-icon
http://www.securitytracker.com/id/1036222 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2696-1 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2706-1 cve-icon cve-icon
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm cve-icon cve-icon
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922 cve-icon cve-icon
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140 cve-icon cve-icon
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190 cve-icon cve-icon
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119 cve-icon cve-icon
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241 cve-icon cve-icon
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256 cve-icon cve-icon
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246 cve-icon cve-icon
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789 cve-icon cve-icon
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650 cve-icon cve-icon
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380 cve-icon cve-icon
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988 cve-icon cve-icon
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347 cve-icon cve-icon
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935 cve-icon cve-icon
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888 cve-icon cve-icon
https://kb.juniper.net/JSA10783 cve-icon cve-icon
https://kc.mcafee.com/corporate/index?page=content&id=SB10163 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2015-2808 cve-icon
https://security.gentoo.org/glsa/201512-10 cve-icon cve-icon
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709 cve-icon cve-icon
https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2015-2808 cve-icon
https://www.secpod.com/blog/cve-2015-2808-bar-mitzvah-attack-in-rc4-2/ cve-icon cve-icon
History

Thu, 28 May 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N'}

 cvssV3_1

{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Thu, 28 May 2026 00:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 cvssV3_1

{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 27 May 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Subscriptions

Canonical Ubuntu Linux
Debian Debian Linux
Fujitsu Sparc Enterprise M3000 Sparc Enterprise M3000 Firmware Sparc Enterprise M4000 Sparc Enterprise M4000 Firmware Sparc Enterprise M5000 Sparc Enterprise M5000 Firmware Sparc Enterprise M8000 Sparc Enterprise M8000 Firmware Sparc Enterprise M9000 Sparc Enterprise M9000 Firmware
Huawei 9700 9700 Firmware E6000 E6000 Firmware E9000 E9000 Firmware Oceanstor 18500 Oceanstor 18500 Firmware Oceanstor 18800 Oceanstor 18800 Firmware Oceanstor 18800f Oceanstor 18800f Firmware Oceanstor 9000 Oceanstor 9000 Firmware Oceanstor Cse Oceanstor Cse Firmware Oceanstor Hvs85t Oceanstor Hvs85t Firmware Oceanstor Replicationdirector Oceanstor S2600t Oceanstor S2600t Firmware Oceanstor S5500t Oceanstor S5500t Firmware Oceanstor S5600t Oceanstor S5600t Firmware Oceanstor S5800t Oceanstor S5800t Firmware Oceanstor S6800t Oceanstor S6800t Firmware Oceanstor Vis6600t Oceanstor Vis6600t Firmware Policy Center Quidway S9300 Quidway S9300 Firmware S12700 S12700 Firmware S2700 S2700 Firmware S2750 S2750 Firmware S3700 S3700 Firmware S5700ei S5700ei Firmware S5700hi S5700hi Firmware S5700li S5700li Firmware S5700s-li S5700s-li Firmware S5700si S5700si Firmware S5710ei S5710ei Firmware S5710hi S5710hi Firmware S5720ei S5720ei Firmware S5720hi S5720hi Firmware S6700 S6700 Firmware S7700 S7700 Firmware Smc2.0 Te60 Te60 Firmware Ultravr
Ibm Cognos Metrics Manager
Opensuse Opensuse
Oracle Communications Application Session Controller Communications Policy Management Http Server Integrated Lights Out Manager Firmware
Redhat Enterprise Linux Enterprise Linux Desktop Enterprise Linux Eus Enterprise Linux Server Enterprise Linux Server Aus Enterprise Linux Server Tus Enterprise Linux Workstation Network Satellite Rhel Extras Rhel Extras Oracle Java Satellite
Suse Linux Enterprise Debuginfo Linux Enterprise Desktop Linux Enterprise Server Linux Enterprise Software Development Kit Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-28T12:53:51.914Z

Reserved: 2015-03-31T00:00:00.000Z

Link: CVE-2015-2808

cve-icon Vulnrichment

Updated: 2024-08-06T05:24:38.828Z

cve-icon NVD

Status : Modified

Published: 2015-04-01T02:00:35.097

Modified: 2026-05-28T14:16:16.170

Link: CVE-2015-2808

cve-icon Redhat

Severity : Moderate

Publid Date: 2015-03-30T00:00:00Z

Links: CVE-2015-2808 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses