5
CVE-2015-2808
- EPSS 74.01%
- Veröffentlicht 01.04.2015 02:00:35
- Zuletzt bearbeitet 28.05.2026 14:16:16
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Oracle ≫ Communications Application Session Controller Version >= 3.0.0 <= 3.9.0
Oracle ≫ Communications Policy Management Version < 9.9.2
Oracle ≫ HTTP Server Version11.1.1.7.0
Oracle ≫ HTTP Server Version11.1.1.9.0
Oracle ≫ HTTP Server Version12.1.3.0.0
Oracle ≫ HTTP Server Version12.2.1.1.0
Oracle ≫ HTTP Server Version12.2.1.2.0
Oracle ≫ Integrated Lights Out Manager Firmware Version >= 3.0.0 <= 3.2.11
Oracle ≫ Integrated Lights Out Manager Firmware Version >= 4.0.0 <= 4.0.4
Debian ≫ Debian Linux Version7.0
Debian ≫ Debian Linux Version8.0
Redhat ≫ Enterprise Linux Desktop Version5.0
Redhat ≫ Enterprise Linux Desktop Version6.0
Redhat ≫ Enterprise Linux Desktop Version7.0
Redhat ≫ Enterprise Linux Eus Version6.6
Redhat ≫ Enterprise Linux Eus Version7.1
Redhat ≫ Enterprise Linux Eus Version7.2
Redhat ≫ Enterprise Linux Eus Version7.3
Redhat ≫ Enterprise Linux Eus Version7.4
Redhat ≫ Enterprise Linux Eus Version7.5
Redhat ≫ Enterprise Linux Eus Version7.6
Redhat ≫ Enterprise Linux Eus Version7.7
Redhat ≫ Enterprise Linux Server Version5.0
Redhat ≫ Enterprise Linux Server Version6.0
Redhat ≫ Enterprise Linux Server Version7.0
Redhat ≫ Enterprise Linux Server Aus Version6.6
Redhat ≫ Enterprise Linux Server Aus Version7.3
Redhat ≫ Enterprise Linux Server Aus Version7.4
Redhat ≫ Enterprise Linux Server Aus Version7.6
Redhat ≫ Enterprise Linux Server Aus Version7.7
Redhat ≫ Enterprise Linux Server Tus Version7.3
Redhat ≫ Enterprise Linux Server Tus Version7.6
Redhat ≫ Enterprise Linux Server Tus Version7.7
Redhat ≫ Enterprise Linux Workstation Version5.0
Redhat ≫ Enterprise Linux Workstation Version6.0
Redhat ≫ Enterprise Linux Workstation Version7.0
Suse ≫ Linux Enterprise Debuginfo Version11 Updatesp3
Suse ≫ Linux Enterprise Debuginfo Version11 Updatesp4
Suse ≫ Linux Enterprise Desktop Version11 Updatesp3
Suse ≫ Linux Enterprise Desktop Version11 Updatesp4
Suse ≫ Linux Enterprise Desktop Version12 Update-
Suse ≫ Linux Enterprise Server Version10 Updatesp4 SwEditionltss
Suse ≫ Linux Enterprise Server Version11 Updatesp1 SwEditionltss
Suse ≫ Linux Enterprise Server Version11 Updatesp2 SwEditionltss
Suse ≫ Linux Enterprise Server Version11 Updatesp3 SwPlatformvmware
Suse ≫ Linux Enterprise Server Version12 Update-
Suse ≫ Linux Enterprise Software Development Kit Version11 Updatesp3
Suse ≫ Linux Enterprise Software Development Kit Version12 Update-
Canonical ≫ Ubuntu Linux Version12.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version15.04
Fujitsu ≫ Sparc Enterprise M3000 Firmware Version >= xcp < xcp_1121
Fujitsu ≫ Sparc Enterprise M4000 Firmware Version >= xcp < xcp_1121
Fujitsu ≫ Sparc Enterprise M5000 Firmware Version >= xcp < xcp_1121
Fujitsu ≫ Sparc Enterprise M8000 Firmware Version >= xcp < xcp_1121
Fujitsu ≫ Sparc Enterprise M9000 Firmware Version >= xcp < xcp_1121
Huawei ≫ E6000 Firmware Version-
Huawei ≫ E9000 Firmware Version-
Huawei ≫ Oceanstor 18500 Firmware Version-
Huawei ≫ Oceanstor 18800 Firmware Version-
Huawei ≫ Oceanstor 18800f Firmware Version-
Huawei ≫ Oceanstor 9000 Firmware Version-
Huawei ≫ Oceanstor Cse Firmware Version-
Huawei ≫ Oceanstor Hvs85t Firmware Version-
Huawei ≫ Oceanstor S2600t Firmware Version-
Huawei ≫ Oceanstor S5500t Firmware Version-
Huawei ≫ Oceanstor S5600t Firmware Version-
Huawei ≫ Oceanstor S5800t Firmware Version-
Huawei ≫ Oceanstor S6800t Firmware Version-
Huawei ≫ Oceanstor Vis6600t Firmware Version-
Huawei ≫ Quidway S9300 Firmware Version-
Huawei ≫ S7700 Firmware Version-
Huawei ≫ S7700 Firmware Version-
Huawei ≫ 9700 Firmware Version-
Huawei ≫ 9700 Firmware Version-
Huawei ≫ S12700 Firmware Version-
Huawei ≫ S12700 Firmware Version-
Huawei ≫ S2700 Firmware Version-
Huawei ≫ S3700 Firmware Version-
Huawei ≫ S5700ei Firmware Version-
Huawei ≫ S5700hi Firmware Version-
Huawei ≫ S5700si Firmware Version-
Huawei ≫ S5710ei Firmware Version-
Huawei ≫ S5710hi Firmware Version-
Huawei ≫ S6700 Firmware Version-
Huawei ≫ S2750 Firmware Version-
Huawei ≫ S5700li Firmware Version-
Huawei ≫ S5700s-li Firmware Version-
Huawei ≫ S5720hi Firmware Version-
Huawei ≫ S2750 Firmware Version-
Huawei ≫ S5700li Firmware Version-
Huawei ≫ S5700s-li Firmware Version-
Huawei ≫ S5720hi Firmware Version-
Huawei ≫ S5720ei Firmware Version-
Huawei ≫ Te60 Firmware Version-
Huawei ≫ Oceanstor Replicationdirector Versionv100r003c00
Huawei ≫ Policy Center Versionv100r003c00
Huawei ≫ Policy Center Versionv100r003c10
Ibm ≫ Cognos Metrics Manager Version10.1
Ibm ≫ Cognos Metrics Manager Version10.1.1
Ibm ≫ Cognos Metrics Manager Version10.2
Ibm ≫ Cognos Metrics Manager Version10.2.1
Ibm ≫ Cognos Metrics Manager Version10.2.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 74.01% | 0.994 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 3.7 | 2.2 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://rhn.redhat.com/errata/RHSA-2015-1006.html
http://rhn.redhat.com/errata/RHSA-2015-1007.html
http://rhn.redhat.com/errata/RHSA-2015-1020.html
http://rhn.redhat.com/errata/RHSA-2015-1021.html
http://rhn.redhat.com/errata/RHSA-2015-1091.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10163
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
https://kb.juniper.net/JSA10783
http://marc.info/?l=bugtraq&m=144493176821532&w=2
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html
http://marc.info/?l=bugtraq&m=144043644216842&w=2
http://www-01.ibm.com/support/docview.wss?uid=swg21883640
http://www-304.ibm.com/support/docview.wss?uid=swg21960769
http://www.securityfocus.com/bid/91787
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html
http://marc.info/?l=bugtraq&m=143456209711959&w=2
http://marc.info/?l=bugtraq&m=143629696317098&w=2
http://marc.info/?l=bugtraq&m=143741441012338&w=2
http://marc.info/?l=bugtraq&m=143817021313142&w=2
http://marc.info/?l=bugtraq&m=143817899717054&w=2
http://marc.info/?l=bugtraq&m=143818140118771&w=2
http://marc.info/?l=bugtraq&m=144059660127919&w=2
http://marc.info/?l=bugtraq&m=144059703728085&w=2
http://marc.info/?l=bugtraq&m=144060576831314&w=2
http://marc.info/?l=bugtraq&m=144060606031437&w=2
http://marc.info/?l=bugtraq&m=144069189622016&w=2
http://marc.info/?l=bugtraq&m=144102017024820&w=2
http://marc.info/?l=bugtraq&m=144104533800819&w=2
http://marc.info/?l=bugtraq&m=144104565600964&w=2
http://rhn.redhat.com/errata/RHSA-2015-1228.html
http://rhn.redhat.com/errata/RHSA-2015-1229.html
http://rhn.redhat.com/errata/RHSA-2015-1230.html
http://rhn.redhat.com/errata/RHSA-2015-1241.html
http://rhn.redhat.com/errata/RHSA-2015-1242.html
http://rhn.redhat.com/errata/RHSA-2015-1243.html
http://rhn.redhat.com/errata/RHSA-2015-1526.html
http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888
http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892
http://www-304.ibm.com/support/docview.wss?uid=swg21903565
http://www-304.ibm.com/support/docview.wss?uid=swg21960015
http://www.debian.org/security/2015/dsa-3316
http://www.debian.org/security/2015/dsa-3339
http://www.huawei.com/en/psirt/security-advisories/hw-454055
http://www.securityfocus.com/bid/73684
http://www.securitytracker.com/id/1032599
http://www.securitytracker.com/id/1032600
http://www.securitytracker.com/id/1032707
http://www.securitytracker.com/id/1032708
http://www.securitytracker.com/id/1032734
http://www.securitytracker.com/id/1032788
http://www.securitytracker.com/id/1032858
http://www.securitytracker.com/id/1032868
http://www.securitytracker.com/id/1032910
http://www.securitytracker.com/id/1032990
http://www.securitytracker.com/id/1033071
http://www.securitytracker.com/id/1033072
http://www.securitytracker.com/id/1033386
http://www.securitytracker.com/id/1033415
http://www.securitytracker.com/id/1033431
http://www.securitytracker.com/id/1033432
http://www.securitytracker.com/id/1033737
http://www.securitytracker.com/id/1033769
http://www.securitytracker.com/id/1036222
http://www.ubuntu.com/usn/USN-2696-1
http://www.ubuntu.com/usn/USN-2706-1
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347
https://security.gentoo.org/glsa/201512-10
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709
https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf
https://www.secpod.com/blog/cve-2015-2808-bar-mitzvah-attack-in-rc4-2/