IBM Java SE is vulnerable to information disclosure. The RC4 algorithm, as used in the TLS and SSL protocols, does not properly combine state data with key data during the initialization phase. This makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values. This is also known as the “Bar Mitzvah” issue.