Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

CVE-2015-2808

Published

9 years ago

Last Modified

7 months ago

CVSSv2.0 Severity

Medium

Impact Analysis

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue..

CVSSv2.0 Score

Severity: Medium
Base Score: 5/10
Exploit Score: 10/10
Access Vector: Network
Access Complexity: Low
Authentication Required: None
Impact Score: 2.9/10
Confidentiality Impact: Partial
Availability Impact: None
Integrity Impact: None

Products Affected

CPE	Affected	Vulnerable	Excluding
cpe:2.3:a:oracle:http_server:11.1.1.9.0:::::::*	Yes	-	-
cpe:2.3:a:oracle:http_server:12.2.1.2.0:::::::*	Yes	-	-
cpe:2.3:a:oracle:http_server:12.1.3.0.0:::::::*	Yes	-	-
cpe:2.3:a:oracle:http_server:11.1.1.7.0:::::::*	Yes	-	-
cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:::	Yes	4.0.0	-
cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:::	Yes	3.0.0	-
cpe:2.3:a:oracle:communications_application_session_controll	Yes	3.0.0	-
cpe:2.3:a:oracle:http_server:12.2.1.1.0:::::::*	Yes	-	-
cpe:2.3:a:oracle:communications_policy_management:::::*:	Yes	-	9.9.2
cpe:2.3:o:debian:debian_linux:8.0:::::::*	Yes	-	-
cpe:2.3:o:debian:debian_linux:7.0:::::::*	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::*:	Yes	-	-
cpe:2.3:a:redhat:satellite:5.7:::::::*	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::*:	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6::::::	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::*:	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_eus:7.1:::::::*	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_eus:6.6:::::::*	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3::::::	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3::::::	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4::::::	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6::::::	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6::::::	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_eus:7.2:::::::*	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7::::::	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7::::::	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*	Yes	-	-
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:::ltss:::*	Yes	-	-
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3::::::	Yes	-	-
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3::::::	Yes	-	-
cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::vmware:	Yes	-	-
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4::::::	Yes	-	-
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:	Yes	-	-
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4::::::	Yes	-	-
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:::ltss:::*	Yes	-	-
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:::ltss:::*	Yes	-	-
cpe:2.3:o:opensuse:opensuse:13.1:::::::*	Yes	-	-
cpe:2.3:o:opensuse:opensuse:13.2:::::::*	Yes	-	-
cpe:2.3:o:suse:linux_enterprise_server:12:-::::::	Yes	-	-
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:	Yes	-	-
cpe:2.3:o:suse:linux_enterprise_desktop:12:-::::::	Yes	-	-
cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*	Yes	-	-
cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::	Yes	-	-
cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::	Yes	-	-
cpe:2.3:a:huawei:policy_center:v100r003c10:::::::*	Yes	-	-
cpe:2.3:a:huawei:policy_center:v100r003c00:::::::*	Yes	-	-
cpe:2.3:a:huawei:smc2.0:v100r002c01:::::::*	Yes	-	-
cpe:2.3:a:huawei:smc2.0:v100r002c02:::::::*	Yes	-	-
cpe:2.3:a:huawei:smc2.0:v100r002c03:::::::*	Yes	-	-
cpe:2.3:a:huawei:smc2.0:v100r002c04:::::::*	Yes	-	-
cpe:2.3:a:huawei:ultravr:v100r003c00:::::::*	Yes	-	-
cpe:2.3:a:huawei:oceanstor_replicationdirector:v100r003c00:*	Yes	-	-
cpe:2.3:a:ibm:cognos_metrics_manager:10.2.1:::::::*	Yes	-	-
cpe:2.3:a:ibm:cognos_metrics_manager:10.2:::::::*	Yes	-	-
cpe:2.3:a:ibm:cognos_metrics_manager:10.1.1:::::::*	Yes	-	-
cpe:2.3:a:ibm:cognos_metrics_manager:10.1:::::::*	Yes	-	-
cpe:2.3:a:ibm:cognos_metrics_manager:10.2.2:::::::*	Yes	-	-

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

CVE-2015-2808

Published

Last Modified

CVSSv2.0 Severity

Impact Analysis

Share

CVSSv2.0 Score

Products Affected

References

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

CVE-2015-2808

CVE information

Published

Last Modified

CVSSv2.0 Severity

Impact Analysis

Share

Description

CVSSv2.0 Score

Products Affected

References