Lucene search

[email protected]NVD:CVE-2015-2808

HistoryApr 01, 2015 - 2:00 a.m.

CVE-2015-2808

2015-04-0102:00:35

CWE-327

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

4.5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.6%

JSON

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the “Bar Mitzvah” issue.

Affected configurations

NVD

Node

oraclecommunications_application_session_controllerRange3.0.0–3.9.0

oraclecommunications_policy_managementRange<9.9.2

oraclehttp_serverMatch11.1.1.7.0

oraclehttp_serverMatch11.1.1.9.0

oraclehttp_serverMatch12.1.3.0.0

oraclehttp_serverMatch12.2.1.1.0

oraclehttp_serverMatch12.2.1.2.0

oracleintegrated_lights_out_manager_firmwareRange3.0.0–3.2.11

oracleintegrated_lights_out_manager_firmwareRange4.0.0–4.0.4

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

Node

redhatsatelliteMatch5.7

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_eusMatch6.6

redhatenterprise_linux_eusMatch7.1

redhatenterprise_linux_eusMatch7.2

redhatenterprise_linux_eusMatch7.3

redhatenterprise_linux_eusMatch7.4

redhatenterprise_linux_eusMatch7.5

redhatenterprise_linux_eusMatch7.6

redhatenterprise_linux_eusMatch7.7

redhatenterprise_linux_serverMatch5.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch6.6

redhatenterprise_linux_server_ausMatch7.3

redhatenterprise_linux_server_ausMatch7.4

redhatenterprise_linux_server_ausMatch7.6

redhatenterprise_linux_server_ausMatch7.7

redhatenterprise_linux_server_tusMatch7.3

redhatenterprise_linux_server_tusMatch7.6

redhatenterprise_linux_server_tusMatch7.7

redhatenterprise_linux_workstationMatch5.0

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

Node

suselinux_enterprise_debuginfoMatch11sp3

suselinux_enterprise_debuginfoMatch11sp4

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

suselinux_enterprise_desktopMatch11sp3

suselinux_enterprise_desktopMatch11sp4

suselinux_enterprise_desktopMatch12-

suselinux_enterprise_serverMatch10sp4ltss

suselinux_enterprise_serverMatch11sp1ltss

suselinux_enterprise_serverMatch11sp2ltss

suselinux_enterprise_serverMatch11sp3vmware

suselinux_enterprise_serverMatch12-

suselinux_enterprise_software_development_kitMatch11sp3

suselinux_enterprise_software_development_kitMatch12-

Node

suselinux_enterprise_serverMatch11sp2-

AND

susemanagerMatch1.7

Node

canonicalubuntu_linuxMatch12.04esm

canonicalubuntu_linuxMatch14.04esm

canonicalubuntu_linuxMatch15.04

Node

redhatenterprise_linuxMatch5.0

redhatenterprise_linuxMatch6.0

AND

redhatsatelliteMatch5.6

Node

fujitsusparc_enterprise_m3000Match-

AND

fujitsusparc_enterprise_m3000_firmwareRangexcp–xcp_1121

Node

fujitsusparc_enterprise_m4000Match-

AND

fujitsusparc_enterprise_m4000_firmwareRangexcp–xcp_1121

Node

fujitsusparc_enterprise_m5000Match-

AND

fujitsusparc_enterprise_m5000_firmwareRangexcp–xcp_1121

Node

fujitsusparc_enterprise_m8000Match-

AND

fujitsusparc_enterprise_m8000_firmwareRangexcp–xcp_1121

Node

fujitsusparc_enterprise_m9000_firmwareRangexcp–xcp_1121

AND

fujitsusparc_enterprise_m9000Match-

Node

huaweie6000_firmwareMatch-

AND

huaweie6000Match-

Node

huaweie9000_firmwareMatch-

AND

huaweie9000Match-

Node

huaweioceanstor_18500_firmwareMatch-

AND

huaweioceanstor_18500Match-

Node

huaweioceanstor_18800_firmwareMatch-

AND

huaweioceanstor_18800Match-

Node

huaweioceanstor_18800f_firmwareMatch-

AND

huaweioceanstor_18800fMatch-

Node

huaweioceanstor_9000_firmwareMatch-

AND

huaweioceanstor_9000Match-

Node

huaweioceanstor_cse_firmwareMatch-

AND

huaweioceanstor_cseMatch-

Node

huaweioceanstor_hvs85t_firmwareMatch-

AND

huaweioceanstor_hvs85tMatch-

Node

huaweioceanstor_s2600t_firmwareMatch-

AND

huaweioceanstor_s2600tMatch-

Node

huaweioceanstor_s5500t_firmwareMatch-

AND

huaweioceanstor_s5500tMatch-

Node

huaweioceanstor_s5600t_firmwareMatch-

AND

huaweioceanstor_s5600tMatch-

Node

huaweioceanstor_s5800t_firmwareMatch-

AND

huaweioceanstor_s5800tMatch-

Node

huaweioceanstor_s6800t_firmwareMatch-

AND

huaweioceanstor_s6800tMatch-

Node

huaweioceanstor_vis6600t_firmwareMatch-

AND

huaweioceanstor_vis6600tMatch-

Node

huaweiquidway_s9300Match-

AND

huaweiquidway_s9300_firmwareMatch-

Node

huaweis7700_firmwareMatch-

AND

huaweis7700Match-

Node

huaweis7700_firmwareMatch-

AND

huaweis7700Match-

Node

huawei9700_firmwareMatch-

AND

huawei9700Match-

Node

huawei9700_firmwareMatch-

AND

huawei9700Match-

Node

huaweis12700_firmwareMatch-

AND

huaweis12700Match-

Node

huaweis12700_firmwareMatch-

AND

huaweis12700Match-

Node

huaweis2700_firmwareMatch-

AND

huaweis2700Match-

Node

huaweis3700_firmwareMatch-

AND

huaweis3700Match-

Node

huaweis5700ei_firmwareMatch-

AND

huaweis5700eiMatch-

Node

huaweis5700hi_firmwareMatch-

AND

huaweis5700hiMatch-

Node

huaweis5700si_firmwareMatch-

AND

huaweis5700siMatch-

Node

huaweis5710ei_firmwareMatch-

AND

huaweis5710eiMatch-

Node

huaweis5710hi_firmwareMatch-

AND

huaweis5710hiMatch-

Node

huaweis6700_firmwareMatch-

AND

huaweis6700Match-

Node

huaweis2750_firmwareMatch-

AND

huaweis2750Match-

Node

huaweis5700li_firmwareMatch-

AND

huaweis5700liMatch-

Node

huaweis5700s-li_firmwareMatch-

AND

huaweis5700s-liMatch-

Node

huaweis5720hi_firmwareMatch-

AND

huaweis5720hiMatch-

Node

huaweis2750_firmwareMatch-

AND

huaweis2750Match-

Node

huaweis5700li_firmwareMatch-

AND

huaweis5700liMatch-

Node

huaweis5700s-li_firmwareMatch-

AND

huaweis5700s-liMatch-

Node

huaweis5720hi_firmwareMatch-

AND

huaweis5720hiMatch-

Node

huaweis5720ei_firmwareMatch-

AND

huaweis5720eiMatch-

Node

huaweite60_firmwareMatch-

AND

huaweite60Match-

Node

huaweioceanstor_replicationdirectorMatchv100r003c00

huaweipolicy_centerMatchv100r003c00

huaweipolicy_centerMatchv100r003c10

huaweismc2.0Matchv100r002c01

huaweismc2.0Matchv100r002c02

huaweismc2.0Matchv100r002c03

huaweismc2.0Matchv100r002c04

huaweiultravrMatchv100r003c00

Node

ibmcognos_metrics_managerMatch10.1

ibmcognos_metrics_managerMatch10.1.1

ibmcognos_metrics_managerMatch10.2

ibmcognos_metrics_managerMatch10.2.1

ibmcognos_metrics_managerMatch10.2.2

References

h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034

kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

kb.juniper.net/InfoCenter/index?page=content&id=JSA10727

lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html

lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html

marc.info/?l=bugtraq&m=143456209711959&w=2

marc.info/?l=bugtraq&m=143629696317098&w=2

marc.info/?l=bugtraq&m=143741441012338&w=2

marc.info/?l=bugtraq&m=143817021313142&w=2

marc.info/?l=bugtraq&m=143817899717054&w=2

marc.info/?l=bugtraq&m=143818140118771&w=2

marc.info/?l=bugtraq&m=144043644216842&w=2

marc.info/?l=bugtraq&m=144059660127919&w=2

marc.info/?l=bugtraq&m=144059703728085&w=2

marc.info/?l=bugtraq&m=144060576831314&w=2

marc.info/?l=bugtraq&m=144060606031437&w=2

marc.info/?l=bugtraq&m=144069189622016&w=2

marc.info/?l=bugtraq&m=144102017024820&w=2

marc.info/?l=bugtraq&m=144104533800819&w=2

marc.info/?l=bugtraq&m=144104565600964&w=2

marc.info/?l=bugtraq&m=144493176821532&w=2

rhn.redhat.com/errata/RHSA-2015-1006.html

rhn.redhat.com/errata/RHSA-2015-1007.html

rhn.redhat.com/errata/RHSA-2015-1020.html

rhn.redhat.com/errata/RHSA-2015-1021.html

rhn.redhat.com/errata/RHSA-2015-1091.html

rhn.redhat.com/errata/RHSA-2015-1228.html

rhn.redhat.com/errata/RHSA-2015-1229.html

rhn.redhat.com/errata/RHSA-2015-1230.html

rhn.redhat.com/errata/RHSA-2015-1241.html

rhn.redhat.com/errata/RHSA-2015-1242.html

rhn.redhat.com/errata/RHSA-2015-1243.html

rhn.redhat.com/errata/RHSA-2015-1526.html

www-01.ibm.com/support/docview.wss?uid=swg1IV71888

www-01.ibm.com/support/docview.wss?uid=swg1IV71892

www-01.ibm.com/support/docview.wss?uid=swg21883640

www-304.ibm.com/support/docview.wss?uid=swg21903565

www-304.ibm.com/support/docview.wss?uid=swg21960015

www-304.ibm.com/support/docview.wss?uid=swg21960769

www.debian.org/security/2015/dsa-3316

www.debian.org/security/2015/dsa-3339

www.huawei.com/en/psirt/security-advisories/hw-454055

www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

www.securityfocus.com/bid/73684

www.securityfocus.com/bid/91787

www.securitytracker.com/id/1032599

www.securitytracker.com/id/1032600

www.securitytracker.com/id/1032707

www.securitytracker.com/id/1032708

www.securitytracker.com/id/1032734

www.securitytracker.com/id/1032788

www.securitytracker.com/id/1032858

www.securitytracker.com/id/1032868

www.securitytracker.com/id/1032910

www.securitytracker.com/id/1032990

www.securitytracker.com/id/1033071

www.securitytracker.com/id/1033072

www.securitytracker.com/id/1033386

www.securitytracker.com/id/1033415

www.securitytracker.com/id/1033431

www.securitytracker.com/id/1033432

www.securitytracker.com/id/1033737

www.securitytracker.com/id/1033769

www.securitytracker.com/id/1036222

www.ubuntu.com/usn/USN-2696-1

www.ubuntu.com/usn/USN-2706-1

www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm

h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789

h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650

h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888

kb.juniper.net/JSA10783

kc.mcafee.com/corporate/index?page=content&id=SB10163

security.gentoo.org/glsa/201512-10

www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709

www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf

www.secpod.com/blog/cve-2015-2808-bar-mitzvah-attack-in-rc4-2/

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

4.5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.6%

JSON

Related for NVD:CVE-2015-2808

nessus12 ibm173 veracode1 huawei1 f52 openvas3 aix1 prion1 debiancve1 cve1 cvelist1 ubuntucve1 checkpoint_advisories1