NVD
- Id
- 24795
- Name
- CVE-2015-2808
- Description
- The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
- Reject
- CVSS Version
- 2
- CVSS Score
- 4.3
- Severity
- Medium
- CVSS Base Score
- 4.3
- CVSS Impact Subscore
- 2.9
- CVSS Exploit Subscore
- 8.6
- CVSS Vector
- (AV:N/AC:M/Au:N/C:P/I:N/A:N)
- Pub Date
- 2017-05-27
- Published
- 2015-03-31
- Modified Date
- 2017-05-23
- Seq
- 2015-2808
Related NVD References
| Id | NVD Id | NVD No. | Reference | Actions |
|---|---|---|---|---|
| 130877 | 24795 | CVE-2015-2808 | http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034 | View |
| 130878 | 24795 | CVE-2015-2808 | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 | View |
| 130879 | 24795 | CVE-2015-2808 | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 | View |
| 130880 | 24795 | CVE-2015-2808 | SUSE-SU-2015:1073 | View |
| 130881 | 24795 | CVE-2015-2808 | SUSE-SU-2015:1085 | View |
| 130882 | 24795 | CVE-2015-2808 | SUSE-SU-2015:1086 | View |
| 130883 | 24795 | CVE-2015-2808 | SUSE-SU-2015:1138 | View |
| 130884 | 24795 | CVE-2015-2808 | SUSE-SU-2015:1161 | View |
| 130885 | 24795 | CVE-2015-2808 | openSUSE-SU-2015:1288 | View |
| 130886 | 24795 | CVE-2015-2808 | openSUSE-SU-2015:1289 | View |
| 130887 | 24795 | CVE-2015-2808 | SUSE-SU-2015:1319 | View |
| 130888 | 24795 | CVE-2015-2808 | SUSE-SU-2015:1320 | View |
| 130889 | 24795 | CVE-2015-2808 | SUSE-SU-2015:2166 | View |
| 130890 | 24795 | CVE-2015-2808 | SUSE-SU-2015:2192 | View |
| 130891 | 24795 | CVE-2015-2808 | SUSE-SU-2016:0113 | View |
| 130892 | 24795 | CVE-2015-2808 | HPSBGN03338 | View |
| 130893 | 24795 | CVE-2015-2808 | HPSBGN03354 | View |
| 130894 | 24795 | CVE-2015-2808 | HPSBGN03352 | View |
| 130895 | 24795 | CVE-2015-2808 | SSRT102150 | View |
| 130896 | 24795 | CVE-2015-2808 | SSRT102133 | View |
| 130897 | 24795 | CVE-2015-2808 | SSRT102129 | View |
| 130898 | 24795 | CVE-2015-2808 | SSRT102127 | View |
| 130899 | 24795 | CVE-2015-2808 | HPSBMU03345 | View |
| 130900 | 24795 | CVE-2015-2808 | HPSBGN03414 | View |
| 130901 | 24795 | CVE-2015-2808 | HPSBGN03415 | View |
| 130902 | 24795 | CVE-2015-2808 | HPSBGN03399 | View |
| 130903 | 24795 | CVE-2015-2808 | HPSBGN03405 | View |
| 130904 | 24795 | CVE-2015-2808 | HPSBGN03402 | View |
| 130905 | 24795 | CVE-2015-2808 | HPSBGN03407 | View |
| 130906 | 24795 | CVE-2015-2808 | HPSBMU03401 | View |
| 130907 | 24795 | CVE-2015-2808 | HPSBGN03403 | View |
| 130908 | 24795 | CVE-2015-2808 | SSRT102254 | View |
| 130909 | 24795 | CVE-2015-2808 | RHSA-2015:1006 | View |
| 130910 | 24795 | CVE-2015-2808 | RHSA-2015:1007 | View |
| 130911 | 24795 | CVE-2015-2808 | RHSA-2015:1020 | View |
| 130912 | 24795 | CVE-2015-2808 | RHSA-2015:1021 | View |
| 130913 | 24795 | CVE-2015-2808 | RHSA-2015:1091 | View |
| 130914 | 24795 | CVE-2015-2808 | RHSA-2015:1526 | View |
| 130915 | 24795 | CVE-2015-2808 | IV71888 | View |
| 130916 | 24795 | CVE-2015-2808 | IV71892 | View |
| 130917 | 24795 | CVE-2015-2808 | http://www-01.ibm.com/support/docview.wss?uid=swg21883640 | View |
| 130918 | 24795 | CVE-2015-2808 | http://www-304.ibm.com/support/docview.wss?uid=swg21903565 | View |
| 130919 | 24795 | CVE-2015-2808 | http://www-304.ibm.com/support/docview.wss?uid=swg21960015 | View |
| 130920 | 24795 | CVE-2015-2808 | http://www-304.ibm.com/support/docview.wss?uid=swg21960769 | View |
| 130921 | 24795 | CVE-2015-2808 | DSA-3339 | View |
| 130922 | 24795 | CVE-2015-2808 | http://www.huawei.com/en/psirt/security-advisories/hw-454055 | View |
| 130923 | 24795 | CVE-2015-2808 | http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | View |
| 130924 | 24795 | CVE-2015-2808 | http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | View |
| 130925 | 24795 | CVE-2015-2808 | http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | View |
| 130926 | 24795 | CVE-2015-2808 | 73684 | View |
| 130927 | 24795 | CVE-2015-2808 | 91787 | View |
| 130928 | 24795 | CVE-2015-2808 | 1032599 | View |
| 130929 | 24795 | CVE-2015-2808 | 1032707 | View |
| 130930 | 24795 | CVE-2015-2808 | 1032708 | View |
| 130931 | 24795 | CVE-2015-2808 | 1032734 | View |
| 130932 | 24795 | CVE-2015-2808 | 1032788 | View |
| 130933 | 24795 | CVE-2015-2808 | 1032858 | View |
| 130934 | 24795 | CVE-2015-2808 | 1032868 | View |
| 130935 | 24795 | CVE-2015-2808 | 1033386 | View |
| 130936 | 24795 | CVE-2015-2808 | 1033415 | View |
| 130937 | 24795 | CVE-2015-2808 | 1033431 | View |
| 130938 | 24795 | CVE-2015-2808 | 1033432 | View |
| 130939 | 24795 | CVE-2015-2808 | 1033737 | View |
| 130940 | 24795 | CVE-2015-2808 | 1033769 | View |
| 130941 | 24795 | CVE-2015-2808 | USN-2696-1 | View |
| 130942 | 24795 | CVE-2015-2808 | USN-2706-1 | View |
| 130943 | 24795 | CVE-2015-2808 | http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm | View |
| 130944 | 24795 | CVE-2015-2808 | SSRT102102 | View |
| 130945 | 24795 | CVE-2015-2808 | https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140 | View |
| 130946 | 24795 | CVE-2015-2808 | https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190 | View |
| 130947 | 24795 | CVE-2015-2808 | https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119 | View |
| 130948 | 24795 | CVE-2015-2808 | https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241 | View |
| 130949 | 24795 | CVE-2015-2808 | https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256 | View |
| 130950 | 24795 | CVE-2015-2808 | https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246 | View |
| 130951 | 24795 | CVE-2015-2808 | https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789 | View |
| 130952 | 24795 | CVE-2015-2808 | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988 | View |
| 130953 | 24795 | CVE-2015-2808 | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347 | View |
| 130954 | 24795 | CVE-2015-2808 | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935 | View |
| 130955 | 24795 | CVE-2015-2808 | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888 | View |
| 130956 | 24795 | CVE-2015-2808 | https://kc.mcafee.com/corporate/index?page=content&id=SB10163 | View |
| 130957 | 24795 | CVE-2015-2808 | GLSA-201512-10 | View |
| 130958 | 24795 | CVE-2015-2808 | https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709 | View |
| 130959 | 24795 | CVE-2015-2808 | https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf | View |
Related JVN
| Id | Name | Title | Summary | Cveinfo Name | Cveinfo Id | Nvdinfo Name | Nvdinfo Id | Cvssv2 | Cvssv3 | Jvnurl | Published Date | Last Updated Date | Actions |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 6724 | JVNDB-2015-002044 | TLS プロトコルおよび SSL プロトコルで使用される RC4 アルゴリズムにおけるストリームの最初のバイトへの平文回復攻撃の脆弱性 | TLS プロトコルおよび SSL プロトコルで使用される RC4 アルゴリズムは、初期化フェーズでステートのデータと鍵データを適切に結合しないため、ストリームの最初のバイトへの平文回復攻撃 (plaintext-recovery attack) を実行される脆弱性が存在します。 | CVE-2015-2808 | 80033 | CVE-2015-2808 | 24795 | 4.3 | http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-002044.html | 2015-03-31 | 2016-07-27 | View |
