CVE - CVE-2015-2808

CVE-ID
CVE-2015-2808	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
AIXAPAR:IV71888 URL:http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888 AIXAPAR:IV71892 URL:http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892 BID:73684 URL:http://www.securityfocus.com/bid/73684 BID:91787 URL:http://www.securityfocus.com/bid/91787 CONFIRM:http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034 CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21883640 CONFIRM:http://www-304.ibm.com/support/docview.wss?uid=swg21903565 CONFIRM:http://www-304.ibm.com/support/docview.wss?uid=swg21960015 CONFIRM:http://www-304.ibm.com/support/docview.wss?uid=swg21960769 CONFIRM:http://www.huawei.com/en/psirt/security-advisories/hw-454055 CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html CONFIRM:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm CONFIRM:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140 CONFIRM:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190 CONFIRM:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119 CONFIRM:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241 CONFIRM:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256 CONFIRM:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246 CONFIRM:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789 CONFIRM:https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650 CONFIRM:https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380 CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988 CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347 CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935 CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888 CONFIRM:https://kb.juniper.net/JSA10783 CONFIRM:https://kc.mcafee.com/corporate/index?page=content&id=SB10163 CONFIRM:https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709 DEBIAN:DSA-3316 URL:http://www.debian.org/security/2015/dsa-3316 DEBIAN:DSA-3339 URL:http://www.debian.org/security/2015/dsa-3339 GENTOO:GLSA-201512-10 URL:https://security.gentoo.org/glsa/201512-10 HP:HPSBGN03338 URL:http://marc.info/?l=bugtraq&m=143456209711959&w=2 HP:HPSBGN03354 URL:http://marc.info/?l=bugtraq&m=143629696317098&w=2 HP:HPSBGN03366 URL:http://marc.info/?l=bugtraq&m=143818140118771&w=2 HP:HPSBGN03367 URL:http://marc.info/?l=bugtraq&m=143817899717054&w=2 HP:HPSBGN03372 URL:http://marc.info/?l=bugtraq&m=143817021313142&w=2 HP:HPSBGN03399 URL:http://marc.info/?l=bugtraq&m=144060576831314&w=2 HP:HPSBGN03402 URL:http://marc.info/?l=bugtraq&m=144069189622016&w=2 HP:HPSBGN03403 URL:http://marc.info/?l=bugtraq&m=144104565600964&w=2 HP:HPSBGN03405 URL:http://marc.info/?l=bugtraq&m=144060606031437&w=2 HP:HPSBGN03407 URL:http://marc.info/?l=bugtraq&m=144102017024820&w=2 HP:HPSBGN03414 URL:http://marc.info/?l=bugtraq&m=144059660127919&w=2 HP:HPSBGN03415 URL:http://marc.info/?l=bugtraq&m=144059703728085&w=2 HP:HPSBMU03345 URL:http://marc.info/?l=bugtraq&m=144043644216842&w=2 HP:HPSBMU03377 URL:http://marc.info/?l=bugtraq&m=143741441012338&w=2 HP:HPSBMU03401 URL:http://marc.info/?l=bugtraq&m=144104533800819&w=2 HP:HPSBUX03512 URL:http://marc.info/?l=bugtraq&m=144493176821532&w=2 HP:SSRT102073 URL:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922 HP:SSRT102127 URL:http://marc.info/?l=bugtraq&m=143818140118771&w=2 HP:SSRT102129 URL:http://marc.info/?l=bugtraq&m=143817899717054&w=2 HP:SSRT102133 URL:http://marc.info/?l=bugtraq&m=143817021313142&w=2 HP:SSRT102150 URL:http://marc.info/?l=bugtraq&m=143741441012338&w=2 HP:SSRT102254 URL:http://marc.info/?l=bugtraq&m=144493176821532&w=2 MISC:https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf MISC:https://www.secpod.com/blog/cve-2015-2808-bar-mitzvah-attack-in-rc4-2/ REDHAT:RHSA-2015:1006 URL:http://rhn.redhat.com/errata/RHSA-2015-1006.html REDHAT:RHSA-2015:1007 URL:http://rhn.redhat.com/errata/RHSA-2015-1007.html REDHAT:RHSA-2015:1020 URL:http://rhn.redhat.com/errata/RHSA-2015-1020.html REDHAT:RHSA-2015:1021 URL:http://rhn.redhat.com/errata/RHSA-2015-1021.html REDHAT:RHSA-2015:1091 URL:http://rhn.redhat.com/errata/RHSA-2015-1091.html REDHAT:RHSA-2015:1228 URL:http://rhn.redhat.com/errata/RHSA-2015-1228.html REDHAT:RHSA-2015:1229 URL:http://rhn.redhat.com/errata/RHSA-2015-1229.html REDHAT:RHSA-2015:1230 URL:http://rhn.redhat.com/errata/RHSA-2015-1230.html REDHAT:RHSA-2015:1241 URL:http://rhn.redhat.com/errata/RHSA-2015-1241.html REDHAT:RHSA-2015:1242 URL:http://rhn.redhat.com/errata/RHSA-2015-1242.html REDHAT:RHSA-2015:1243 URL:http://rhn.redhat.com/errata/RHSA-2015-1243.html REDHAT:RHSA-2015:1526 URL:http://rhn.redhat.com/errata/RHSA-2015-1526.html SECTRACK:1032599 URL:http://www.securitytracker.com/id/1032599 SECTRACK:1032600 URL:http://www.securitytracker.com/id/1032600 SECTRACK:1032707 URL:http://www.securitytracker.com/id/1032707 SECTRACK:1032708 URL:http://www.securitytracker.com/id/1032708 SECTRACK:1032734 URL:http://www.securitytracker.com/id/1032734 SECTRACK:1032788 URL:http://www.securitytracker.com/id/1032788 SECTRACK:1032858 URL:http://www.securitytracker.com/id/1032858 SECTRACK:1032868 URL:http://www.securitytracker.com/id/1032868 SECTRACK:1032910 URL:http://www.securitytracker.com/id/1032910 SECTRACK:1032990 URL:http://www.securitytracker.com/id/1032990 SECTRACK:1033071 URL:http://www.securitytracker.com/id/1033071 SECTRACK:1033072 URL:http://www.securitytracker.com/id/1033072 SECTRACK:1033386 URL:http://www.securitytracker.com/id/1033386 SECTRACK:1033415 URL:http://www.securitytracker.com/id/1033415 SECTRACK:1033431 URL:http://www.securitytracker.com/id/1033431 SECTRACK:1033432 URL:http://www.securitytracker.com/id/1033432 SECTRACK:1033737 URL:http://www.securitytracker.com/id/1033737 SECTRACK:1033769 URL:http://www.securitytracker.com/id/1033769 SECTRACK:1036222 URL:http://www.securitytracker.com/id/1036222 SUSE:SUSE-SU-2015:1073 URL:http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html SUSE:SUSE-SU-2015:1085 URL:http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html SUSE:SUSE-SU-2015:1086 URL:http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html SUSE:SUSE-SU-2015:1138 URL:http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html SUSE:SUSE-SU-2015:1161 URL:http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html SUSE:SUSE-SU-2015:1319 URL:http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html SUSE:SUSE-SU-2015:1320 URL:http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html SUSE:SUSE-SU-2015:2166 URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html SUSE:SUSE-SU-2015:2192 URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html SUSE:SUSE-SU-2016:0113 URL:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html SUSE:openSUSE-SU-2015:1288 URL:http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html SUSE:openSUSE-SU-2015:1289 URL:http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html UBUNTU:USN-2696-1 URL:http://www.ubuntu.com/usn/USN-2696-1 UBUNTU:USN-2706-1 URL:http://www.ubuntu.com/usn/USN-2706-1
Assigning CNA
MITRE Corporation
Date Record Created
20150331	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20150331)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)