
CVE-2015-2808
Date: (C)2015-04-03   (M)2024-03-27


The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1032599
SECTRACK-1032600
SECTRACK-1032707
SECTRACK-1032708
SECTRACK-1032734
SECTRACK-1032788
SECTRACK-1032858
SECTRACK-1032868
SECTRACK-1032910
SECTRACK-1032990
SECTRACK-1033071
SECTRACK-1033072
SECTRACK-1033386
SECTRACK-1033415
SECTRACK-1033431
SECTRACK-1033432
SECTRACK-1033737
SECTRACK-1033769
SECTRACK-1036222
BID-73684
BID-91787
DSA-3316
DSA-3339
GLSA-201512-10
HPSBGN03338
HPSBGN03354
HPSBGN03367
HPSBGN03399
HPSBGN03402
HPSBGN03403
HPSBGN03405
HPSBGN03407
HPSBGN03414
HPSBGN03415
HPSBMU03345
HPSBMU03377
HPSBMU03401
HPSBUX03512
IV71888
IV71892
RHSA-2015:1006
RHSA-2015:1007
RHSA-2015:1020
RHSA-2015:1021
RHSA-2015:1091
RHSA-2015:1228
RHSA-2015:1229
RHSA-2015:1230
RHSA-2015:1241
RHSA-2015:1242
RHSA-2015:1243
RHSA-2015:1526
SSRT102073
SSRT102127
SSRT102133
SUSE-SU-2015:1073
SUSE-SU-2015:1085
SUSE-SU-2015:1086
SUSE-SU-2015:1138
SUSE-SU-2015:1161
SUSE-SU-2015:1319
SUSE-SU-2015:1320
SUSE-SU-2015:2166
SUSE-SU-2015:2192
SUSE-SU-2016:0113
USN-2696-1
USN-2706-1
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727
http://www-01.ibm.com/support/docview.wss?uid=swg21883640
http://www-304.ibm.com/support/docview.wss?uid=swg21903565
http://www-304.ibm.com/support/docview.wss?uid=swg21960015
http://www-304.ibm.com/support/docview.wss?uid=swg21960769
http://www.huawei.com/en/psirt/security-advisories/hw-454055
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888
https://kb.juniper.net/JSA10783
https://kc.mcafee.com/corporate/index?page=content&id=SB10163
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709
https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf
https://www.secpod.com/blog/cve-2015-2808-bar-mitzvah-attack-in-rc4-2/
openSUSE-SU-2015:1288
openSUSE-SU-2015:1289

CWE    1
CWE-327
OVAL    36
oval:org.secpod.oval:def:505341
oval:org.secpod.oval:def:505568
oval:org.secpod.oval:def:24221
oval:org.secpod.oval:def:24761
...

© SecPod Technologies