CVE-2015-2808 - Vulnerability Details

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.32288.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:oracle:communications_application_session_controller::::::::
	cpe:2.3:a:oracle:communications_policy_management::::::::
	cpe:2.3:a:oracle:http_server:11.1.1.7.0:::::::*
	cpe:2.3:a:oracle:http_server:11.1.1.9.0:::::::*
	cpe:2.3:a:oracle:http_server:12.1.3.0.0:::::::*
	cpe:2.3:a:oracle:http_server:12.2.1.1.0:::::::*
	cpe:2.3:a:oracle:http_server:12.2.1.2.0:::::::*
	cpe:2.3:o:oracle:integrated_lights_out_manager_firmware::::::::
	cpe:2.3:o:oracle:integrated_lights_out_manager_firmware::::::::

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:a:redhat:satellite:5.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:6.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Configuration 4 [-]

OR	cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3::::::
	cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4::::::
	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:12:-::::::
	cpe:2.3:o:suse:linux_enterprise_server:10:sp4:::ltss:::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp1:::ltss:::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp2:::ltss:::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::vmware::*
	cpe:2.3:o:suse:linux_enterprise_server:12:-::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-::::::

Configuration 5 [-]

AND

cpe:2.3:a:suse:manager:1.7:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*

Configuration 6 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*

Configuration 7 [-]

AND

cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*

OR	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

Configuration 8 [-]

AND

cpe:2.3:o:fujitsu:sparc_enterprise_m3000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:sparc_enterprise_m3000:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:fujitsu:sparc_enterprise_m4000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:sparc_enterprise_m4000:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:fujitsu:sparc_enterprise_m5000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:sparc_enterprise_m5000:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:fujitsu:sparc_enterprise_m8000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:sparc_enterprise_m8000:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:fujitsu:sparc_enterprise_m9000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:sparc_enterprise_m9000:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:huawei:e6000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:e6000:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:huawei:e9000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:e9000:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:huawei:oceanstor_18500_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_18500:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:huawei:oceanstor_18800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_18800:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:huawei:oceanstor_18800f_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_18800f:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:huawei:oceanstor_9000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_9000:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:huawei:oceanstor_cse_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_cse:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:huawei:oceanstor_hvs85t_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_hvs85t:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:huawei:oceanstor_s2600t_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_s2600t:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:huawei:oceanstor_s5500t_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_s5500t:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:huawei:oceanstor_s5600t_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_s5600t:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:huawei:oceanstor_s5800t_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_s5800t:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:huawei:oceanstor_s6800t_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_s6800t:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:huawei:oceanstor_vis6600t_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_vis6600t:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:huawei:quidway_s9300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:quidway_s9300:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:huawei:s7700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s7700:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:huawei:s7700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s7700:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:huawei:9700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:9700:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:huawei:9700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:9700:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:huawei:s12700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s12700:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:huawei:s12700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s12700:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:huawei:s2700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s2700:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

cpe:2.3:o:huawei:s3700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s3700:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:o:huawei:s5700ei_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s5700ei:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:huawei:s5700hi_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s5700hi:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND

cpe:2.3:o:huawei:s5700si_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s5700si:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND

cpe:2.3:o:huawei:s5710ei_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s5710ei:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND

cpe:2.3:o:huawei:s5710hi_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s5710hi:-:*:*:*:*:*:*:*

Configuration 41 [-]

AND

cpe:2.3:o:huawei:s6700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s6700:-:*:*:*:*:*:*:*

Configuration 42 [-]

AND

cpe:2.3:o:huawei:s2750_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s2750:-:*:*:*:*:*:*:*

Configuration 43 [-]

AND

cpe:2.3:o:huawei:s5700li_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s5700li:-:*:*:*:*:*:*:*

Configuration 44 [-]

AND

cpe:2.3:o:huawei:s5700s-li_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s5700s-li:-:*:*:*:*:*:*:*

Configuration 45 [-]

AND

cpe:2.3:o:huawei:s5720hi_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s5720hi:-:*:*:*:*:*:*:*

Configuration 46 [-]

AND

cpe:2.3:o:huawei:s2750_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s2750:-:*:*:*:*:*:*:*

Configuration 47 [-]

AND

cpe:2.3:o:huawei:s5700li_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s5700li:-:*:*:*:*:*:*:*

Configuration 48 [-]

AND

cpe:2.3:o:huawei:s5700s-li_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s5700s-li:-:*:*:*:*:*:*:*

Configuration 49 [-]

AND

cpe:2.3:o:huawei:s5720hi_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s5720hi:-:*:*:*:*:*:*:*

Configuration 50 [-]

AND

cpe:2.3:o:huawei:s5720ei_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s5720ei:-:*:*:*:*:*:*:*

Configuration 51 [-]

AND

cpe:2.3:o:huawei:te60_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*

Configuration 52 [-]

OR	cpe:2.3:a:huawei:oceanstor_replicationdirector:v100r003c00:::::::*
	cpe:2.3:a:huawei:policy_center:v100r003c00:::::::*
	cpe:2.3:a:huawei:policy_center:v100r003c10:::::::*
	cpe:2.3:a:huawei:smc2.0:v100r002c01:::::::*
	cpe:2.3:a:huawei:smc2.0:v100r002c02:::::::*
	cpe:2.3:a:huawei:smc2.0:v100r002c03:::::::*
	cpe:2.3:a:huawei:smc2.0:v100r002c04:::::::*
	cpe:2.3:a:huawei:ultravr:v100r003c00:::::::*

Configuration 53 [-]

OR	cpe:2.3:a:ibm:cognos_metrics_manager:10.1:::::::*
	cpe:2.3:a:ibm:cognos_metrics_manager:10.1.1:::::::*
	cpe:2.3:a:ibm:cognos_metrics_manager:10.2:::::::*
	cpe:2.3:a:ibm:cognos_metrics_manager:10.2.1:::::::*
	cpe:2.3:a:ibm:cognos_metrics_manager:10.2.2:::::::*

Package	CPE	Advisory	Released Date
Oracle Java for Red Hat Enterprise Linux 5
java-1.7.0-oracle-1:1.7.0.85-1jpp.1.el5_11	cpe:/a:redhat:rhel_extras_oracle_java:5	RHSA-2015:1242	2015-07-17T00:00:00Z
java-1.6.0-sun-1:1.6.0.101-1jpp.1.el5_11	cpe:/a:redhat:rhel_extras_oracle_java:5	RHSA-2015:1243	2015-07-17T00:00:00Z
Oracle Java for Red Hat Enterprise Linux 6
java-1.8.0-oracle-1:1.8.0.51-1jpp.2.el6_6	cpe:/a:redhat:rhel_extras_oracle_java:6	RHSA-2015:1241	2015-07-17T00:00:00Z
java-1.7.0-oracle-1:1.7.0.85-1jpp.2.el6_6	cpe:/a:redhat:rhel_extras_oracle_java:6	RHSA-2015:1242	2015-07-17T00:00:00Z
java-1.6.0-sun-1:1.6.0.101-1jpp.1.el6_6	cpe:/a:redhat:rhel_extras_oracle_java:6	RHSA-2015:1243	2015-07-17T00:00:00Z
Oracle Java for Red Hat Enterprise Linux 7
java-1.8.0-oracle-1:1.8.0.51-1jpp.2.el7_1	cpe:/a:redhat:rhel_extras_oracle_java:7	RHSA-2015:1241	2015-07-17T00:00:00Z
java-1.7.0-oracle-1:1.7.0.85-1jpp.2.el7_1	cpe:/a:redhat:rhel_extras_oracle_java:7	RHSA-2015:1242	2015-07-17T00:00:00Z
java-1.6.0-sun-1:1.6.0.101-1jpp.1.el7_1	cpe:/a:redhat:rhel_extras_oracle_java:7	RHSA-2015:1243	2015-07-17T00:00:00Z
Red Hat Enterprise Linux 5
java-1.7.0-openjdk-1:1.7.0.85-2.6.1.3.el5_11	cpe:/o:redhat:enterprise_linux:5	RHSA-2015:1230	2015-07-15T00:00:00Z
java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el5_11	cpe:/o:redhat:enterprise_linux:5	RHSA-2015:1526	2015-07-30T00:00:00Z
Red Hat Enterprise Linux 5 Supplementary
java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2015:1006	2015-05-13T00:00:00Z
java-1.7.0-ibm-1:1.7.0.9.0-1jpp.1.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2015:1007	2015-05-13T00:00:00Z
java-1.5.0-ibm-1:1.5.0.16.10-1jpp.1.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2015:1021	2015-05-20T00:00:00Z
Red Hat Enterprise Linux 6
java-1.8.0-openjdk-1:1.8.0.51-0.b16.el6_6	cpe:/o:redhat:enterprise_linux:6	RHSA-2015:1228	2015-07-15T00:00:00Z
java-1.7.0-openjdk-1:1.7.0.85-2.6.1.3.el6_6	cpe:/o:redhat:enterprise_linux:6	RHSA-2015:1229	2015-07-15T00:00:00Z
java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el6_7	cpe:/o:redhat:enterprise_linux:6	RHSA-2015:1526	2015-07-30T00:00:00Z
Red Hat Enterprise Linux 7
java-1.8.0-openjdk-1:1.8.0.51-1.b16.ael7b_1	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:1228	2015-07-15T00:00:00Z
java-1.7.0-openjdk-1:1.7.0.85-2.6.1.2.ael7b_1	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:1229	2015-07-15T00:00:00Z
java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el7_1	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:1526	2015-07-30T00:00:00Z
Red Hat Satellite 5.6
java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5	cpe:/a:redhat:network_satellite:5.6::el5	RHSA-2015:1091	2015-06-11T00:00:00Z
Red Hat Satellite 5.7
java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6	cpe:/a:redhat:network_satellite:5.7::el6	RHSA-2015:1091	2015-06-11T00:00:00Z
Supplementary for Red Hat Enterprise Linux 6
java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6	cpe:/a:redhat:rhel_extras:6	RHSA-2015:1006	2015-05-13T00:00:00Z
java-1.7.1-ibm-1:1.7.1.3.0-1jpp.2.el6_6	cpe:/a:redhat:rhel_extras:6	RHSA-2015:1020	2015-05-20T00:00:00Z
java-1.5.0-ibm-1:1.5.0.16.10-1jpp.1.el6_6	cpe:/a:redhat:rhel_extras:6	RHSA-2015:1021	2015-05-20T00:00:00Z
Supplementary for Red Hat Enterprise Linux 7
java-1.7.1-ibm-1:1.7.1.3.0-1jpp.2.ael7b_1	cpe:/a:redhat:rhel_extras:7	RHSA-2015:1020	2015-05-20T00:00:00Z

No data.

Project Subscriptions

Vendors	Products
Canonical Subscribe	Ubuntu Linux Subscribe
Debian Subscribe	Debian Linux Subscribe
Fujitsu Subscribe	Sparc Enterprise M3000 Subscribe Sparc Enterprise M3000 Firmware Subscribe Sparc Enterprise M4000 Subscribe Sparc Enterprise M4000 Firmware Subscribe Sparc Enterprise M5000 Subscribe Sparc Enterprise M5000 Firmware Subscribe Sparc Enterprise M8000 Subscribe Sparc Enterprise M8000 Firmware Subscribe Sparc Enterprise M9000 Subscribe Sparc Enterprise M9000 Firmware Subscribe
Huawei Subscribe	9700 Subscribe 9700 Firmware Subscribe E6000 Subscribe E6000 Firmware Subscribe E9000 Subscribe E9000 Firmware Subscribe Oceanstor 18500 Subscribe Oceanstor 18500 Firmware Subscribe Oceanstor 18800 Subscribe Oceanstor 18800 Firmware Subscribe Oceanstor 18800f Subscribe Oceanstor 18800f Firmware Subscribe Oceanstor 9000 Subscribe Oceanstor 9000 Firmware Subscribe Oceanstor Cse Subscribe Oceanstor Cse Firmware Subscribe Oceanstor Hvs85t Subscribe Oceanstor Hvs85t Firmware Subscribe Oceanstor Replicationdirector Subscribe Oceanstor S2600t Subscribe Oceanstor S2600t Firmware Subscribe Oceanstor S5500t Subscribe Oceanstor S5500t Firmware Subscribe Oceanstor S5600t Subscribe Oceanstor S5600t Firmware Subscribe Oceanstor S5800t Subscribe Oceanstor S5800t Firmware Subscribe Oceanstor S6800t Subscribe Oceanstor S6800t Firmware Subscribe Oceanstor Vis6600t Subscribe Oceanstor Vis6600t Firmware Subscribe Policy Center Subscribe Quidway S9300 Subscribe Quidway S9300 Firmware Subscribe S12700 Subscribe S12700 Firmware Subscribe S2700 Subscribe S2700 Firmware Subscribe S2750 Subscribe S2750 Firmware Subscribe S3700 Subscribe S3700 Firmware Subscribe S5700ei Subscribe S5700ei Firmware Subscribe S5700hi Subscribe S5700hi Firmware Subscribe S5700li Subscribe S5700li Firmware Subscribe S5700s-li Subscribe S5700s-li Firmware Subscribe S5700si Subscribe S5700si Firmware Subscribe S5710ei Subscribe S5710ei Firmware Subscribe S5710hi Subscribe S5710hi Firmware Subscribe S5720ei Subscribe S5720ei Firmware Subscribe S5720hi Subscribe S5720hi Firmware Subscribe S6700 Subscribe S6700 Firmware Subscribe S7700 Subscribe S7700 Firmware Subscribe Smc2.0 Subscribe Te60 Subscribe Te60 Firmware Subscribe Ultravr Subscribe
Ibm Subscribe	Cognos Metrics Manager Subscribe
Opensuse Subscribe	Opensuse Subscribe
Oracle Subscribe	Communications Application Session Controller Subscribe Communications Policy Management Subscribe Http Server Subscribe Integrated Lights Out Manager Firmware Subscribe
Redhat Subscribe	Enterprise Linux Subscribe Enterprise Linux Desktop Subscribe Enterprise Linux Eus Subscribe Enterprise Linux Server Subscribe Enterprise Linux Server Aus Subscribe Enterprise Linux Server Tus Subscribe Enterprise Linux Workstation Subscribe Network Satellite Subscribe Rhel Extras Subscribe Rhel Extras Oracle Java Subscribe Satellite Subscribe
Suse Subscribe	Linux Enterprise Debuginfo Subscribe Linux Enterprise Desktop Subscribe Linux Enterprise Server Subscribe Linux Enterprise Software Development Kit Subscribe Manager Subscribe

Advisories

Source	ID	Title
Debian DLA	DLA-303-1	openjdk-6 security update
Debian DSA	DSA-3316-1	openjdk-7 security update
Debian DSA	DSA-3339-1	openjdk-6 security update
Ubuntu USN	USN-2696-1	OpenJDK 7 vulnerabilities
Ubuntu USN	USN-2706-1	OpenJDK 6 vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html
http://marc.info/?l=bugtraq&m=143456209711959&w=2
http://marc.info/?l=bugtraq&m=143629696317098&w=2
http://marc.info/?l=bugtraq&m=143741441012338&w=2
http://marc.info/?l=bugtraq&m=143817021313142&w=2
http://marc.info/?l=bugtraq&m=143817899717054&w=2
http://marc.info/?l=bugtraq&m=143818140118771&w=2
http://marc.info/?l=bugtraq&m=144043644216842&w=2
http://marc.info/?l=bugtraq&m=144059660127919&w=2
http://marc.info/?l=bugtraq&m=144059703728085&w=2
http://marc.info/?l=bugtraq&m=144060576831314&w=2
http://marc.info/?l=bugtraq&m=144060606031437&w=2
http://marc.info/?l=bugtraq&m=144069189622016&w=2
http://marc.info/?l=bugtraq&m=144102017024820&w=2
http://marc.info/?l=bugtraq&m=144104533800819&w=2
http://marc.info/?l=bugtraq&m=144104565600964&w=2
http://marc.info/?l=bugtraq&m=144493176821532&w=2
http://rhn.redhat.com/errata/RHSA-2015-1006.html
http://rhn.redhat.com/errata/RHSA-2015-1007.html
http://rhn.redhat.com/errata/RHSA-2015-1020.html
http://rhn.redhat.com/errata/RHSA-2015-1021.html
http://rhn.redhat.com/errata/RHSA-2015-1091.html
http://rhn.redhat.com/errata/RHSA-2015-1228.html
http://rhn.redhat.com/errata/RHSA-2015-1229.html
http://rhn.redhat.com/errata/RHSA-2015-1230.html
http://rhn.redhat.com/errata/RHSA-2015-1241.html
http://rhn.redhat.com/errata/RHSA-2015-1242.html
http://rhn.redhat.com/errata/RHSA-2015-1243.html
http://rhn.redhat.com/errata/RHSA-2015-1526.html
http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888
http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892
http://www-01.ibm.com/support/docview.wss?uid=swg21883640
http://www-304.ibm.com/support/docview.wss?uid=swg21903565
http://www-304.ibm.com/support/docview.wss?uid=swg21960015
http://www-304.ibm.com/support/docview.wss?uid=swg21960769
http://www.debian.org/security/2015/dsa-3316
http://www.debian.org/security/2015/dsa-3339
http://www.huawei.com/en/psirt/security-advisories/hw-454055
http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.securityfocus.com/bid/73684
http://www.securityfocus.com/bid/91787
http://www.securitytracker.com/id/1032599
http://www.securitytracker.com/id/1032600
http://www.securitytracker.com/id/1032707
http://www.securitytracker.com/id/1032708
http://www.securitytracker.com/id/1032734
http://www.securitytracker.com/id/1032788
http://www.securitytracker.com/id/1032858
http://www.securitytracker.com/id/1032868
http://www.securitytracker.com/id/1032910
http://www.securitytracker.com/id/1032990
http://www.securitytracker.com/id/1033071
http://www.securitytracker.com/id/1033072
http://www.securitytracker.com/id/1033386
http://www.securitytracker.com/id/1033415
http://www.securitytracker.com/id/1033431
http://www.securitytracker.com/id/1033432
http://www.securitytracker.com/id/1033737
http://www.securitytracker.com/id/1033769
http://www.securitytracker.com/id/1036222
http://www.ubuntu.com/usn/USN-2696-1
http://www.ubuntu.com/usn/USN-2706-1
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888
https://kb.juniper.net/JSA10783
https://kc.mcafee.com/corporate/index?page=content&id=SB10163
https://nvd.nist.gov/vuln/detail/CVE-2015-2808
https://security.gentoo.org/glsa/201512-10
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709
https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf
https://www.cve.org/CVERecord?id=CVE-2015-2808
https://www.secpod.com/blog/cve-2015-2808-bar-mitzvah-attack-in-rc4-2/

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-04-01T00:00:00.000Z

Updated: 2024-08-06T05:24:38.828Z

Reserved: 2015-03-31T00:00:00.000Z

Link: CVE-2015-2808

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2015-04-01T02:00:35.097

Modified: 2025-04-12T10:46:40.837

Link: CVE-2015-2808

Redhat

Severity : Moderate

Publid Date: 2015-03-30T00:00:00Z

Links: CVE-2015-2808 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-327

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object