Vulnerability Database

CVE-2015-2808

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

  • Published: Apr 1, 2015
  • Updated: Apr 13, 2023
  • CVE: CVE-2015-2808
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5
  • Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

| Software | From | Fixed in |
| --- | --- | --- |
| oracle / http_server | 11.1.1.9.0 | 11.1.1.9.0.x |
| oracle / http_server | 12.2.1.2.0 | 12.2.1.2.0.x |
| oracle / http_server | 12.1.3.0.0 | 12.1.3.0.0.x |
| oracle / http_server | 11.1.1.7.0 | 11.1.1.7.0.x |
| oracle / integrated_lights_out_manager_firmware | 4.0.0 | 4.0.4.x |
| oracle / integrated_lights_out_manager_firmware | 3.0.0 | 3.2.11.x |
| oracle / communications_application_session_controller | 3.0.0 | 3.9.0.x |
| oracle / http_server | 12.2.1.1.0 | 12.2.1.1.0.x |
| oracle / communications_policy_management | - | 9.9.2 |
| debian / debian_linux | 8.0 | 8.0.x |
| debian / debian_linux | 7.0 | 7.0.x |
| redhat / enterprise_linux_desktop | 7.0 | 7.0.x |
| redhat / enterprise_linux_server | 5.0 | 5.0.x |
| redhat / enterprise_linux_workstation | 7.0 | 7.0.x |
| redhat / satellite | 5.7 | 5.7.x |
| redhat / enterprise_linux_server | 7.0 | 7.0.x |
| redhat / enterprise_linux_workstation | 5.0 | 5.0.x |
| redhat / enterprise_linux_server_aus | 6.6 | 6.6.x |
| redhat / enterprise_linux_desktop | 6.0 | 6.0.x |
| redhat / enterprise_linux_server | 6.0 | 6.0.x |
| redhat / enterprise_linux_workstation | 6.0 | 6.0.x |
| redhat / enterprise_linux_eus | 7.1 | 7.1.x |
| redhat / enterprise_linux_eus | 6.6 | 6.6.x |
| redhat / enterprise_linux_server_tus | 7.3 | 7.3.x |
| redhat / enterprise_linux_desktop | 5.0 | 5.0.x |
| redhat / enterprise_linux_server_aus | 7.3 | 7.3.x |
| redhat / enterprise_linux_server_aus | 7.4 | 7.4.x |
| redhat / enterprise_linux_eus | 7.3 | 7.3.x |
| redhat / enterprise_linux_eus | 7.4 | 7.4.x |
| redhat / enterprise_linux_eus | 7.5 | 7.5.x |
| redhat / enterprise_linux_server_tus | 7.6 | 7.6.x |
| redhat / enterprise_linux_server_aus | 7.6 | 7.6.x |
| redhat / enterprise_linux_eus | 7.6 | 7.6.x |
| redhat / enterprise_linux_eus | 7.2 | 7.2.x |
| redhat / enterprise_linux_server_aus | 7.7 | 7.7.x |
| redhat / enterprise_linux_server_tus | 7.7 | 7.7.x |
| redhat / enterprise_linux_eus | 7.7 | 7.7.x |
| suse / linux_enterprise_server | 11-sp1 | 11-sp1.x |
| suse / linux_enterprise_desktop | 11-sp3 | 11-sp3.x |
| suse / linux_enterprise_debuginfo | 11-sp3 | 11-sp3.x |
| suse / linux_enterprise_server | 11-sp3 | 11-sp3.x |
| suse / linux_enterprise_desktop | 11-sp4 | 11-sp4.x |
| suse / linux_enterprise_software_development_kit | 11-sp3 | 11-sp3.x |
| suse / linux_enterprise_debuginfo | 11-sp4 | 11-sp4.x |
| suse / linux_enterprise_server | 11-sp2 | 11-sp2.x |
| suse / linux_enterprise_server | 10-sp4 | 10-sp4.x |
| opensuse / opensuse | 13.1 | 13.1.x |
| opensuse / opensuse | 13.2 | 13.2.x |
| suse / linux_enterprise_server | 12 | 12.x |
| suse / linux_enterprise_software_development_kit | 12 | 12.x |
| suse / linux_enterprise_desktop | 12 | 12.x |
| suse / manager | 1.7 | 1.7.x |
| canonical / ubuntu_linux | 15.04 | 15.04.x |
| canonical / ubuntu_linux | 12.04 | 12.04.x |
| canonical / ubuntu_linux | 14.04 | 14.04.x |
| redhat / satellite | 5.6 | 5.6.x |
| fujitsu / sparc_enterprise_m3000_firmware | xcp | xcp_1121 |
| fujitsu / sparc_enterprise_m4000_firmware | xcp | xcp_1121 |
| fujitsu / sparc_enterprise_m5000_firmware | xcp | xcp_1121 |
| fujitsu / sparc_enterprise_m8000_firmware | xcp | xcp_1121 |
| fujitsu / sparc_enterprise_m9000_firmware | xcp | xcp_1121 |
| huawei / policy_center | 100r003c10 | 100r003c10.x |
| huawei / policy_center | 100r003c00 | 100r003c00.x |
| huawei / smc2.0 | 100r002c01 | 100r002c01.x |
| huawei / smc2.0 | 100r002c02 | 100r002c02.x |
| huawei / smc2.0 | 100r002c03 | 100r002c03.x |
| huawei / smc2.0 | 100r002c04 | 100r002c04.x |
| huawei / ultravr | 100r003c00 | 100r003c00.x |
| huawei / oceanstor_replicationdirector | 100r003c00 | 100r003c00.x |
| ibm / cognos_metrics_manager | 10.2.1 | 10.2.1.x |
| ibm / cognos_metrics_manager | 10.2 | 10.2.x |
| ibm / cognos_metrics_manager | 10.1.1 | 10.1.1.x |
| ibm / cognos_metrics_manager | 10.1 | 10.1.x |
| ibm / cognos_metrics_manager | 10.2.2 | 10.2.2.x |