National Vulnerability Database

CVE-2015-2808 Detail

Description

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

Source: MITRE
Last Modified: 03/31/2015

Quick Info

CVE Dictionary Entry: CVE-2015-2808
Original release date: 03/31/2015
Last revised: 01/18/2018
Source: US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 MEDIUM
Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 8.6

CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information

References to Advisories, Solutions, and Tools

Hyperlink Resource Type Source Name
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034 External Source CONFIRM http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 External Source CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 External Source CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html External Source SUSE SUSE-SU-2015:1073
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html External Source SUSE SUSE-SU-2015:1085
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html External Source SUSE SUSE-SU-2015:1086
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html External Source SUSE SUSE-SU-2015:1138
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html External Source SUSE SUSE-SU-2015:1161
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html External Source SUSE openSUSE-SU-2015:1288
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html External Source SUSE openSUSE-SU-2015:1289
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html External Source SUSE SUSE-SU-2015:1319
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html External Source SUSE SUSE-SU-2015:1320
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html External Source SUSE SUSE-SU-2015:2166
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html External Source SUSE SUSE-SU-2015:2192
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html External Source SUSE SUSE-SU-2016:0113
http://marc.info/?l=bugtraq&m=143456209711959&w=2 External Source HP HPSBGN03338
http://marc.info/?l=bugtraq&m=143629696317098&w=2 External Source HP HPSBGN03354
http://marc.info/?l=bugtraq&m=143741441012338&w=2 External Source HP SSRT102150
http://marc.info/?l=bugtraq&m=143817021313142&w=2 External Source HP SSRT102133
http://marc.info/?l=bugtraq&m=143817899717054&w=2 External Source HP SSRT102129
http://marc.info/?l=bugtraq&m=143818140118771&w=2 External Source HP SSRT102127
http://marc.info/?l=bugtraq&m=144043644216842&w=2 External Source HP HPSBMU03345
http://marc.info/?l=bugtraq&m=144059660127919&w=2 External Source HP HPSBGN03414
http://marc.info/?l=bugtraq&m=144059703728085&w=2 External Source HP HPSBGN03415
http://marc.info/?l=bugtraq&m=144060576831314&w=2 External Source HP HPSBGN03399
http://marc.info/?l=bugtraq&m=144060606031437&w=2 External Source HP HPSBGN03405
http://marc.info/?l=bugtraq&m=144069189622016&w=2 External Source HP HPSBGN03402
http://marc.info/?l=bugtraq&m=144102017024820&w=2 External Source HP HPSBGN03407
http://marc.info/?l=bugtraq&m=144104533800819&w=2 External Source HP HPSBMU03401
http://marc.info/?l=bugtraq&m=144104565600964&w=2 External Source HP HPSBGN03403
http://marc.info/?l=bugtraq&m=144493176821532&w=2 External Source HP SSRT102254
http://rhn.redhat.com/errata/RHSA-2015-1006.html External Source REDHAT RHSA-2015:1006
http://rhn.redhat.com/errata/RHSA-2015-1007.html External Source REDHAT RHSA-2015:1007
http://rhn.redhat.com/errata/RHSA-2015-1020.html External Source REDHAT RHSA-2015:1020
http://rhn.redhat.com/errata/RHSA-2015-1021.html External Source REDHAT RHSA-2015:1021
http://rhn.redhat.com/errata/RHSA-2015-1091.html External Source REDHAT RHSA-2015:1091
http://rhn.redhat.com/errata/RHSA-2015-1228.html External Source REDHAT RHSA-2015:1228
http://rhn.redhat.com/errata/RHSA-2015-1229.html External Source REDHAT RHSA-2015:1229
http://rhn.redhat.com/errata/RHSA-2015-1230.html External Source REDHAT RHSA-2015:1230
http://rhn.redhat.com/errata/RHSA-2015-1241.html External Source REDHAT RHSA-2015:1241
http://rhn.redhat.com/errata/RHSA-2015-1242.html External Source REDHAT RHSA-2015:1242
http://rhn.redhat.com/errata/RHSA-2015-1243.html External Source REDHAT RHSA-2015:1243
http://rhn.redhat.com/errata/RHSA-2015-1526.html External Source REDHAT RHSA-2015:1526
http://www.debian.org/security/2015/dsa-3316 External Source DEBIAN DSA-3316
http://www.debian.org/security/2015/dsa-3339 External Source DEBIAN DSA-3339
http://www.huawei.com/en/psirt/security-advisories/hw-454055 External Source CONFIRM http://www.huawei.com/en/psirt/security-advisories/hw-454055
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html External Source CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html External Source CONFIRM http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html External Source CONFIRM http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html External Source CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html External Source CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.securityfocus.com/bid/73684 External Source BID 73684
http://www.securityfocus.com/bid/91787 External Source BID 91787
http://www.securitytracker.com/id/1032599 External Source SECTRACK 1032599
http://www.securitytracker.com/id/1032600 External Source SECTRACK 1032600
http://www.securitytracker.com/id/1032707 External Source SECTRACK 1032707
http://www.securitytracker.com/id/1032708 External Source SECTRACK 1032708
http://www.securitytracker.com/id/1032734 External Source SECTRACK 1032734
http://www.securitytracker.com/id/1032788 External Source SECTRACK 1032788
http://www.securitytracker.com/id/1032858 External Source SECTRACK 1032858
http://www.securitytracker.com/id/1032868 External Source SECTRACK 1032868
http://www.securitytracker.com/id/1032910 External Source SECTRACK 1032910
http://www.securitytracker.com/id/1032990 External Source SECTRACK 1032990
http://www.securitytracker.com/id/1033071 External Source SECTRACK 1033071
http://www.securitytracker.com/id/1033072 External Source SECTRACK 1033072
http://www.securitytracker.com/id/1033386 External Source SECTRACK 1033386
http://www.securitytracker.com/id/1033415 External Source SECTRACK 1033415
http://www.securitytracker.com/id/1033431 External Source SECTRACK 1033431
http://www.securitytracker.com/id/1033432 External Source SECTRACK 1033432
http://www.securitytracker.com/id/1033737 External Source SECTRACK 1033737
http://www.securitytracker.com/id/1033769 External Source SECTRACK 1033769
http://www.securitytracker.com/id/1036222 External Source SECTRACK 1036222
http://www.ubuntu.com/usn/USN-2696-1 External Source UBUNTU USN-2696-1
http://www.ubuntu.com/usn/USN-2706-1 External Source UBUNTU USN-2706-1
http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888 External Source AIXAPAR IV71888
http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892 External Source AIXAPAR IV71892
http://www-01.ibm.com/support/docview.wss?uid=swg21883640 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21883640
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm External Source CONFIRM http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm
http://www-304.ibm.com/support/docview.wss?uid=swg21903565 External Source CONFIRM http://www-304.ibm.com/support/docview.wss?uid=swg21903565
http://www-304.ibm.com/support/docview.wss?uid=swg21960015 External Source CONFIRM http://www-304.ibm.com/support/docview.wss?uid=swg21960015
http://www-304.ibm.com/support/docview.wss?uid=swg21960769 External Source CONFIRM http://www-304.ibm.com/support/docview.wss?uid=swg21960769
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922 External Source HP SSRT102073
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140 External Source CONFIRM https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190 External Source CONFIRM https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119 External Source CONFIRM https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241 External Source CONFIRM https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256 External Source CONFIRM https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246 External Source CONFIRM https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789 External Source CONFIRM https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650 External Source CONFIRM https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380 External Source CONFIRM https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988 External Source CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347 External Source CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935 External Source CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888 External Source CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888
https://kb.juniper.net/JSA10783 External Source CONFIRM https://kb.juniper.net/JSA10783
https://kc.mcafee.com/corporate/index?page=content&id=SB10163 External Source CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10163
https://security.gentoo.org/glsa/201512-10 External Source GENTOO GLSA-201512-10
https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf Vendor Advisory External Source MISC https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709 External Source CONFIRM https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709

Technical Details

Vulnerability Type

Change History

35 change records found