Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2015-2808
CVE information
Published
Last Modified
CVSSv2.0 Severity
Impact Analysis
Description
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue..
CVSSv2.0 Score
- Severity
- Medium
- Base Score
- 5/10
- Exploit Score
- 10/10
- Access Vector
- Network
- Access Complexity
- Low
- Authentication Required
- None
- Impact Score
- 2.9/10
- Confidentiality Impact
- Partial
- Availability Impact
- None
- Integrity Impact
- None
Products Affected
CPE | Affected | Vulnerable | Excluding | Edit |
---|---|---|---|---|
cpe:2.3:a:oracle:http_server:11.1.1.9.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:oracle:http_server:12.2.1.2.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:oracle:http_server:12.1.3.0.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:oracle:http_server:11.1.1.7.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:*:*: |
Yes
|
4.0.0 | - | |
cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:*:*: |
Yes
|
3.0.0 | - | |
cpe:2.3:a:oracle:communications_application_session_controll |
Yes
|
3.0.0 | - | |
cpe:2.3:a:oracle:http_server:12.2.1.1.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:oracle:communications_policy_management:*:*:*:*:*: |
Yes
|
- | 9.9.2 | |
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*: |
Yes
|
- | - | |
cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*: |
Yes
|
- | - | |
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*: |
Yes
|
- | - | |
cpe:2.3:o:redhat:enterprise_linux_eus:7.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:redhat:enterprise_linux_eus:6.6:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:* |
Yes
|
- | - | |
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11: |
Yes
|
- | - | |
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12: |
Yes
|
- | - | |
cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:huawei:policy_center:v100r003c10:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:huawei:policy_center:v100r003c00:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:huawei:smc2.0:v100r002c01:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:huawei:smc2.0:v100r002c02:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:huawei:smc2.0:v100r002c03:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:huawei:smc2.0:v100r002c04:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:huawei:ultravr:v100r003c00:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:huawei:oceanstor_replicationdirector:v100r003c00:* |
Yes
|
- | - | |
cpe:2.3:a:ibm:cognos_metrics_manager:10.2.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:ibm:cognos_metrics_manager:10.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:ibm:cognos_metrics_manager:10.1.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:ibm:cognos_metrics_manager:10.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:ibm:cognos_metrics_manager:10.2.2:*:*:*:*:*:*:* |
Yes
|
- | - |
References
- https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaki
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888
- http://www-01.ibm.com/support/docview.wss?uid=swg21883640
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://marc.info/?l=bugtraq&m=143817021313142&w=2
- http://marc.info/?l=bugtraq&m=143817899717054&w=2
- http://marc.info/?l=bugtraq&m=143741441012338&w=2
- http://marc.info/?l=bugtraq&m=143818140118771&w=2
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.huawei.com/en/psirt/security-advisories/hw-454055
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.securityfocus.com/bid/91787
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347
- http://marc.info/?l=bugtraq&m=144060576831314&w=2
- http://marc.info/?l=bugtraq&m=144069189622016&w=2
- http://marc.info/?l=bugtraq&m=144493176821532&w=2
- http://marc.info/?l=bugtraq&m=144102017024820&w=2
- http://marc.info/?l=bugtraq&m=143629696317098&w=2
- http://marc.info/?l=bugtraq&m=144043644216842&w=2
- http://marc.info/?l=bugtraq&m=144059660127919&w=2
- http://marc.info/?l=bugtraq&m=144059703728085&w=2
- http://marc.info/?l=bugtraq&m=144104565600964&w=2
- http://marc.info/?l=bugtraq&m=143456209711959&w=2
- http://marc.info/?l=bugtraq&m=144104533800819&w=2
- http://marc.info/?l=bugtraq&m=144060606031437&w=2
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888
- https://kc.mcafee.com/corporate/index?page=content&id=SB10163
- http://www.securitytracker.com/id/1032599
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789
- https://security.gentoo.org/glsa/201512-10
- http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-45405
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html
- https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709
- http://www.securitytracker.com/id/1033769
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
- http://www.securitytracker.com/id/1033737
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140
- http://www.securitytracker.com/id/1033432
- http://www.securitytracker.com/id/1033431
- http://www.securitytracker.com/id/1033415
- http://www.securitytracker.com/id/1033386
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241
- http://www.ubuntu.com/usn/USN-2706-1
- http://www.ubuntu.com/usn/USN-2696-1
- http://www.debian.org/security/2015/dsa-3339
- http://rhn.redhat.com/errata/RHSA-2015-1526.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html
- http://www-304.ibm.com/support/docview.wss?uid=swg21960769
- http://www-304.ibm.com/support/docview.wss?uid=swg21960015
- http://www-304.ibm.com/support/docview.wss?uid=swg21903565
- http://www.securitytracker.com/id/1032868
- http://www.securitytracker.com/id/1032858
- http://www.securitytracker.com/id/1032788
- http://www.securitytracker.com/id/1032734
- http://www.securitytracker.com/id/1032708
- http://www.securitytracker.com/id/1032707
- http://rhn.redhat.com/errata/RHSA-2015-1091.html
- http://rhn.redhat.com/errata/RHSA-2015-1021.html
- http://rhn.redhat.com/errata/RHSA-2015-1020.html
- http://rhn.redhat.com/errata/RHSA-2015-1007.html
- http://rhn.redhat.com/errata/RHSA-2015-1006.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html
- http://www.securityfocus.com/bid/73684
- https://kb.juniper.net/JSA10783
- http://www.securitytracker.com/id/1036222
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650
- http://www.securitytracker.com/id/1033072
- http://www.securitytracker.com/id/1033071
- http://www.securitytracker.com/id/1032990
- http://www.securitytracker.com/id/1032910
- http://www.securitytracker.com/id/1032600
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.debian.org/security/2015/dsa-3316
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922
- http://rhn.redhat.com/errata/RHSA-2015-1243.html
- http://rhn.redhat.com/errata/RHSA-2015-1242.html
- http://rhn.redhat.com/errata/RHSA-2015-1241.html
- http://rhn.redhat.com/errata/RHSA-2015-1230.html
- http://rhn.redhat.com/errata/RHSA-2015-1229.html
- http://rhn.redhat.com/errata/RHSA-2015-1228.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- https://www.secpod.com/blog/cve-2015-2808-bar-mitzvah-attack-in-rc4-2/