NVD - CVE-2015-2808

CVE-2015-2808 Detail

Modified After Enrichment

This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes.

Description

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: 5.0 MEDIUM

Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034	CVE, MITRE	Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705	CVE, MITRE	Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727	CVE, MITRE	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html	CVE, MITRE	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html	CVE, MITRE	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html	CVE, MITRE	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html	CVE, MITRE	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html	CVE, MITRE	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html	CVE, MITRE	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html	CVE, MITRE	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html	CVE, MITRE	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html	CVE, MITRE	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html	CVE, MITRE	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html	CVE, MITRE	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html	CVE, MITRE	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=143456209711959&w=2	CVE, MITRE	Issue Tracking Third Party Advisory
http://marc.info/?l=bugtraq&m=143629696317098&w=2	CVE, MITRE	Issue Tracking Third Party Advisory
http://marc.info/?l=bugtraq&m=143741441012338&w=2	CVE, MITRE	Issue Tracking Third Party Advisory
http://marc.info/?l=bugtraq&m=143817021313142&w=2	CVE, MITRE	Issue Tracking Third Party Advisory
http://marc.info/?l=bugtraq&m=143817899717054&w=2	CVE, MITRE	Issue Tracking Third Party Advisory
http://marc.info/?l=bugtraq&m=143818140118771&w=2	CVE, MITRE	Issue Tracking Third Party Advisory
http://marc.info/?l=bugtraq&m=144043644216842&w=2	CVE, MITRE	Issue Tracking Third Party Advisory
http://marc.info/?l=bugtraq&m=144059660127919&w=2	CVE, MITRE	Issue Tracking Third Party Advisory
http://marc.info/?l=bugtraq&m=144059703728085&w=2	CVE, MITRE	Issue Tracking Third Party Advisory
http://marc.info/?l=bugtraq&m=144060576831314&w=2	CVE, MITRE	Issue Tracking Third Party Advisory
http://marc.info/?l=bugtraq&m=144060606031437&w=2	CVE, MITRE	Issue Tracking Third Party Advisory
http://marc.info/?l=bugtraq&m=144069189622016&w=2	CVE, MITRE	Issue Tracking Third Party Advisory
http://marc.info/?l=bugtraq&m=144102017024820&w=2	CVE, MITRE	Issue Tracking Third Party Advisory
http://marc.info/?l=bugtraq&m=144104533800819&w=2	CVE, MITRE	Issue Tracking Third Party Advisory
http://marc.info/?l=bugtraq&m=144104565600964&w=2	CVE, MITRE	Issue Tracking Third Party Advisory
http://marc.info/?l=bugtraq&m=144493176821532&w=2	CVE, MITRE	Issue Tracking Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1006.html	CVE, MITRE	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1007.html	CVE, MITRE	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1020.html	CVE, MITRE	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1021.html	CVE, MITRE	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1091.html	CVE, MITRE	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1228.html	CVE, MITRE	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1229.html	CVE, MITRE	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1230.html	CVE, MITRE	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1241.html	CVE, MITRE	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1242.html	CVE, MITRE	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1243.html	CVE, MITRE	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1526.html	CVE, MITRE	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888	CVE, MITRE	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892	CVE, MITRE	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21883640	CVE, MITRE	Third Party Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21903565	CVE, MITRE	Third Party Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21960015	CVE, MITRE	Third Party Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21960769	CVE, MITRE	Third Party Advisory
http://www.debian.org/security/2015/dsa-3316	CVE, MITRE	Third Party Advisory
http://www.debian.org/security/2015/dsa-3339	CVE, MITRE	Third Party Advisory
http://www.huawei.com/en/psirt/security-advisories/hw-454055	CVE, MITRE	Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html	CVE, MITRE	Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	CVE, MITRE	Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	CVE, MITRE	Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	CVE, MITRE	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html	CVE, MITRE	Third Party Advisory
http://www.securityfocus.com/bid/73684	CVE, MITRE	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/91787	CVE, MITRE	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032599	CVE, MITRE	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032600	CVE, MITRE	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032707	CVE, MITRE	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032708	CVE, MITRE	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032734	CVE, MITRE	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032788	CVE, MITRE	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032858	CVE, MITRE	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032868	CVE, MITRE	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032910	CVE, MITRE	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032990	CVE, MITRE	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1033071	CVE, MITRE	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1033072	CVE, MITRE	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1033386	CVE, MITRE	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1033415	CVE, MITRE	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1033431	CVE, MITRE	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1033432	CVE, MITRE	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1033737	CVE, MITRE	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1033769	CVE, MITRE	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1036222	CVE, MITRE	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2696-1	CVE, MITRE	Third Party Advisory
http://www.ubuntu.com/usn/USN-2706-1	CVE, MITRE	Third Party Advisory
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm	CVE, MITRE	Third Party Advisory
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922	CVE, MITRE	Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140	CVE, MITRE	Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190	CVE, MITRE	Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119	CVE, MITRE	Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241	CVE, MITRE	Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256	CVE, MITRE	Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246	CVE, MITRE	Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789	CVE, MITRE	Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650	CVE, MITRE	Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380	CVE, MITRE	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988	CVE, MITRE	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347	CVE, MITRE	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935	CVE, MITRE	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888	CVE, MITRE	Third Party Advisory
https://kb.juniper.net/JSA10783	CVE, MITRE	Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10163	CVE, MITRE	Broken Link
https://security.gentoo.org/glsa/201512-10	CVE, MITRE	Third Party Advisory
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709	CVE, MITRE	Third Party Advisory
https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf	CVE, MITRE	Technical Description Third Party Advisory
https://www.secpod.com/blog/cve-2015-2808-bar-mitzvah-attack-in-rc4-2/	CVE, MITRE

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-327	Use of a Broken or Risky Cryptographic Algorithm	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

40 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2015-2808
NVD Published Date:
03/31/2015
NVD Last Modified:
05/06/2026
Source:
MITRE

CVE-2015-2808 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

CVE Status Change 5/06/2026 6:30:45 PM

CVE Modified by CVE 11/20/2024 9:28:07 PM

CVE Modified by MITRE 5/13/2024 11:33:01 PM

CVE Modified by MITRE 9/07/2023 1:15:38 PM

Modified Analysis by NIST 11/23/2020 2:47:50 PM

CVE Modified by MITRE 1/18/2018 1:18:01 PM

CVE Modified by MITRE 1/04/2018 9:30:04 PM

CVE Modified by MITRE 11/07/2017 9:29:01 PM

CVE Modified by MITRE 11/03/2017 9:29:03 PM

CVE Modified by MITRE 10/19/2017 9:29:06 PM

CVE Modified by MITRE 9/22/2017 9:29:01 PM

CVE Modified by MITRE 9/21/2017 9:29:09 PM

CVE Modified by MITRE 9/20/2017 9:29:06 PM

CVE Modified by MITRE 9/05/2017 9:29:00 PM

CVE Modified by MITRE 8/31/2017 9:29:00 PM

CVE Modified by MITRE 5/23/2017 9:29:00 PM

CVE Modified by MITRE 1/02/2017 9:59:55 PM

CVE Modified by MITRE 12/27/2016 9:59:10 PM

CVE Modified by MITRE 12/23/2016 9:59:11 PM

CVE Modified by MITRE 12/21/2016 9:59:42 PM

CVE Modified by MITRE 12/07/2016 10:08:18 PM

CVE Modified by MITRE 12/07/2016 1:10:47 PM

CVE Modified by MITRE 12/02/2016 10:06:31 PM

CVE Modified by MITRE 11/28/2016 2:21:56 PM

CVE Modified by MITRE 11/21/2016 10:01:44 PM

CVE Modified by MITRE 9/27/2016 9:59:13 PM

CVE Modified by MITRE 8/22/2016 10:09:38 PM

CVE Modified by MITRE 8/19/2016 9:59:49 PM

CVE Modified by MITRE 8/16/2016 9:59:29 PM

CVE Modified by MITRE 8/08/2016 9:59:19 PM

CVE Modified by MITRE 7/21/2016 9:59:32 PM

CVE Modified by MITRE 6/14/2016 9:59:26 PM

CVE Modified by MITRE 6/02/2016 9:59:18 PM

CVE Modified by MITRE 4/21/2016 9:59:16 PM

CVE Modified by MITRE 8/17/2015 10:00:37 PM

CVE Modified by MITRE 7/16/2015 10:02:14 PM

CVE Modified by MITRE 7/05/2015 10:01:15 PM

CVE Modified by MITRE 6/25/2015 9:59:02 PM

Modified Analysis by NIST 4/01/2015 12:59:36 PM

Initial CVE Analysis 4/01/2015 9:11:23 AM

Quick Info