CVE-2015-2808
- EPSS 52.59%
- Published 01.04.2015 02:00:35
- Last modified 12.04.2025 10:46:40
- Source cve@mitre.org
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
Data is provided by the National Vulnerability Database (NVD)
Oracle ≫ Communications Application Session Controller Version >= 3.0.0 <= 3.9.0
Oracle ≫ Communications Policy Management Version < 9.9.2
Oracle ≫ HTTP Server Version 11.1.1.7.0
Oracle ≫ HTTP Server Version 11.1.1.9.0
Oracle ≫ HTTP Server Version 12.1.3.0.0
Oracle ≫ HTTP Server Version 12.2.1.1.0
Oracle ≫ HTTP Server Version 12.2.1.2.0
Oracle ≫ Integrated Lights Out Manager Firmware Version >= 3.0.0 <= 3.2.11
Oracle ≫ Integrated Lights Out Manager Firmware Version >= 4.0.0 <= 4.0.4
Debian ≫ Debian Linux Version 7.0
Debian ≫ Debian Linux Version 8.0
Redhat ≫ Enterprise Linux Desktop Version 5.0
Redhat ≫ Enterprise Linux Desktop Version 6.0
Redhat ≫ Enterprise Linux Desktop Version 7.0
Redhat ≫ Enterprise Linux Eus Version 6.6
Redhat ≫ Enterprise Linux Eus Version 7.1
Redhat ≫ Enterprise Linux Eus Version 7.2
Redhat ≫ Enterprise Linux Eus Version 7.3
Redhat ≫ Enterprise Linux Eus Version 7.4
Redhat ≫ Enterprise Linux Eus Version 7.5
Redhat ≫ Enterprise Linux Eus Version 7.6
Redhat ≫ Enterprise Linux Eus Version 7.7
Redhat ≫ Enterprise Linux Server Version 5.0
Redhat ≫ Enterprise Linux Server Version 6.0
Redhat ≫ Enterprise Linux Server Version 7.0
Redhat ≫ Enterprise Linux Server Aus Version 6.6
Redhat ≫ Enterprise Linux Server Aus Version 7.3
Redhat ≫ Enterprise Linux Server Aus Version 7.4
Redhat ≫ Enterprise Linux Server Aus Version 7.6
Redhat ≫ Enterprise Linux Server Aus Version 7.7
Redhat ≫ Enterprise Linux Server Tus Version 7.3
Redhat ≫ Enterprise Linux Server Tus Version 7.6
Redhat ≫ Enterprise Linux Server Tus Version 7.7
Redhat ≫ Enterprise Linux Workstation Version 5.0
Redhat ≫ Enterprise Linux Workstation Version 6.0
Redhat ≫ Enterprise Linux Workstation Version 7.0
Suse ≫ Linux Enterprise Debuginfo Version 11 Update sp3
Suse ≫ Linux Enterprise Debuginfo Version 11 Update sp4
Suse ≫ Linux Enterprise Desktop Version 11 Update sp3
Suse ≫ Linux Enterprise Desktop Version 11 Update sp4
Suse ≫ Linux Enterprise Desktop Version 12 Update -
Suse ≫ Linux Enterprise Server Version 10 Update sp4 SwEdition ltss
Suse ≫ Linux Enterprise Server Version 11 Update sp1 SwEdition ltss
Suse ≫ Linux Enterprise Server Version 11 Update sp2 SwEdition ltss
Suse ≫ Linux Enterprise Server Version 11 Update sp3 SwPlatform vmware
Suse ≫ Linux Enterprise Server Version 12 Update -
Suse ≫ Linux Enterprise Software Development Kit Version 11 Update sp3
Suse ≫ Linux Enterprise Software Development Kit Version 12 Update -
Canonical ≫ Ubuntu Linux Version 12.04 SwEdition esm
Canonical ≫ Ubuntu Linux Version 14.04 SwEdition esm
Canonical ≫ Ubuntu Linux Version 15.04
Fujitsu ≫ Sparc Enterprise M3000 Firmware Version >= xcp < xcp_1121
Fujitsu ≫ Sparc Enterprise M4000 Firmware Version >= xcp < xcp_1121
Fujitsu ≫ Sparc Enterprise M5000 Firmware Version >= xcp < xcp_1121
Fujitsu ≫ Sparc Enterprise M8000 Firmware Version >= xcp < xcp_1121
Fujitsu ≫ Sparc Enterprise M9000 Firmware Version >= xcp < xcp_1121
Huawei ≫ E6000 Firmware Version -
Huawei ≫ E9000 Firmware Version -
Huawei ≫ Oceanstor 18500 Firmware Version -
Huawei ≫ Oceanstor 18800 Firmware Version -
Huawei ≫ Oceanstor 18800f Firmware Version -
Huawei ≫ Oceanstor 9000 Firmware Version -
Huawei ≫ Oceanstor Cse Firmware Version -
Huawei ≫ Oceanstor Hvs85t Firmware Version -
Huawei ≫ Oceanstor S2600t Firmware Version -
Huawei ≫ Oceanstor S5500t Firmware Version -
Huawei ≫ Oceanstor S5600t Firmware Version -
Huawei ≫ Oceanstor S5800t Firmware Version -
Huawei ≫ Oceanstor S6800t Firmware Version -
Huawei ≫ Oceanstor Vis6600t Firmware Version -
Huawei ≫ Quidway S9300 Firmware Version -
Huawei ≫ S7700 Firmware Version -
Huawei ≫ S7700 Firmware Version -
Huawei ≫ 9700 Firmware Version -
Huawei ≫ 9700 Firmware Version -
Huawei ≫ S12700 Firmware Version -
Huawei ≫ S12700 Firmware Version -
Huawei ≫ S2700 Firmware Version -
Huawei ≫ S3700 Firmware Version -
Huawei ≫ S5700ei Firmware Version -
Huawei ≫ S5700hi Firmware Version -
Huawei ≫ S5700si Firmware Version -
Huawei ≫ S5710ei Firmware Version -
Huawei ≫ S5710hi Firmware Version -
Huawei ≫ S6700 Firmware Version -
Huawei ≫ S2750 Firmware Version -
Huawei ≫ S5700li Firmware Version -
Huawei ≫ S5700s-li Firmware Version -
Huawei ≫ S5720hi Firmware Version -
Huawei ≫ S2750 Firmware Version -
Huawei ≫ S5700li Firmware Version -
Huawei ≫ S5700s-li Firmware Version -
Huawei ≫ S5720hi Firmware Version -
Huawei ≫ S5720ei Firmware Version -
Huawei ≫ Te60 Firmware Version -
Huawei ≫ Oceanstor Replicationdirector Version v100r003c00
Huawei ≫ Policy Center Version v100r003c00
Huawei ≫ Policy Center Version v100r003c10
Ibm ≫ Cognos Metrics Manager Version 10.1
Ibm ≫ Cognos Metrics Manager Version 10.1.1
Ibm ≫ Cognos Metrics Manager Version 10.2
Ibm ≫ Cognos Metrics Manager Version 10.2.1
Ibm ≫ Cognos Metrics Manager Version 10.2.2
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 52.59% | 0.979 |

Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.