Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2015-2808
Description:The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
Test IDs: 1.3.6.1.4.1.25623.1.0.871392   1.3.6.1.4.1.25623.1.0.882225   1.3.6.1.4.1.25623.1.0.882221   1.3.6.1.4.1.25623.1.0.882220   1.3.6.1.4.1.25623.1.0.882224   1.3.6.1.4.1.25623.1.0.871391   1.3.6.1.4.1.25623.1.0.871390   1.3.6.1.4.1.25623.1.0.882222   1.3.6.1.4.1.25623.1.0.871422   1.3.6.1.4.1.25623.1.0.882236   1.3.6.1.4.1.25623.1.0.882237   1.3.6.1.4.1.25623.1.0.120041   1.3.6.1.4.1.25623.1.0.120044   1.3.6.1.4.1.25623.1.0.105368   1.3.6.1.4.1.25623.1.0.850825   1.3.6.1.4.1.25623.1.0.850826   1.3.6.1.4.1.25623.1.0.130098   1.3.6.1.4.1.25623.1.0.851032   1.3.6.1.4.1.25623.1.0.851094   1.3.6.1.4.1.25623.1.0.105608   1.3.6.1.4.1.25623.1.1.4.2015.1086.3   1.3.6.1.4.1.25623.1.1.4.2015.1086.2   1.3.6.1.4.1.25623.1.1.4.2015.1086.1   1.3.6.1.4.1.25623.1.1.4.2015.1085.1   1.3.6.1.4.1.25623.1.1.4.2015.2166.1   1.3.6.1.4.1.25623.1.1.4.2015.1161.1   1.3.6.1.4.1.25623.1.1.4.2015.1086.4   1.3.6.1.4.1.25623.1.1.4.2015.2192.1   1.3.6.1.4.1.25623.1.1.4.2016.0113.1   1.3.6.1.4.1.25623.1.1.4.2015.1138.1  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2015-2808
AIX APAR: IV71888
http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888
AIX APAR: IV71892
http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892
BugTraq ID: 73684
http://www.securityfocus.com/bid/73684
BugTraq ID: 91787
http://www.securityfocus.com/bid/91787
Debian Security Information: DSA-3316 (Google Search)
http://www.debian.org/security/2015/dsa-3316
Debian Security Information: DSA-3339 (Google Search)
http://www.debian.org/security/2015/dsa-3339
https://security.gentoo.org/glsa/201512-10
HPdes Security Advisory: HPSBGN03338
http://marc.info/?l=bugtraq&m=143456209711959&w=2
HPdes Security Advisory: HPSBGN03354
http://marc.info/?l=bugtraq&m=143629696317098&w=2
HPdes Security Advisory: HPSBGN03366
http://marc.info/?l=bugtraq&m=143818140118771&w=2
HPdes Security Advisory: HPSBGN03367
http://marc.info/?l=bugtraq&m=143817899717054&w=2
HPdes Security Advisory: HPSBGN03372
http://marc.info/?l=bugtraq&m=143817021313142&w=2
HPdes Security Advisory: HPSBGN03399
http://marc.info/?l=bugtraq&m=144060576831314&w=2
HPdes Security Advisory: HPSBGN03402
http://marc.info/?l=bugtraq&m=144069189622016&w=2
HPdes Security Advisory: HPSBGN03403
http://marc.info/?l=bugtraq&m=144104565600964&w=2
HPdes Security Advisory: HPSBGN03405
http://marc.info/?l=bugtraq&m=144060606031437&w=2
HPdes Security Advisory: HPSBGN03407
http://marc.info/?l=bugtraq&m=144102017024820&w=2
HPdes Security Advisory: HPSBGN03414
http://marc.info/?l=bugtraq&m=144059660127919&w=2
HPdes Security Advisory: HPSBGN03415
http://marc.info/?l=bugtraq&m=144059703728085&w=2
HPdes Security Advisory: HPSBMU03345
http://marc.info/?l=bugtraq&m=144043644216842&w=2
HPdes Security Advisory: HPSBMU03377
http://marc.info/?l=bugtraq&m=143741441012338&w=2
HPdes Security Advisory: HPSBMU03401
http://marc.info/?l=bugtraq&m=144104533800819&w=2
HPdes Security Advisory: HPSBUX03512
http://marc.info/?l=bugtraq&m=144493176821532&w=2
HPdes Security Advisory: SSRT102073
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922
HPdes Security Advisory: SSRT102127
http://marc.info/?l=bugtraq&m=143818140118771&w=2
HPdes Security Advisory: SSRT102129
http://marc.info/?l=bugtraq&m=143817899717054&w=2
HPdes Security Advisory: SSRT102133
http://marc.info/?l=bugtraq&m=143817021313142&w=2
HPdes Security Advisory: SSRT102150
http://marc.info/?l=bugtraq&m=143741441012338&w=2
HPdes Security Advisory: SSRT102254
http://marc.info/?l=bugtraq&m=144493176821532&w=2
https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf
RedHat Security Advisories: RHSA-2015:1006
http://rhn.redhat.com/errata/RHSA-2015-1006.html
RedHat Security Advisories: RHSA-2015:1007
http://rhn.redhat.com/errata/RHSA-2015-1007.html
RedHat Security Advisories: RHSA-2015:1020
http://rhn.redhat.com/errata/RHSA-2015-1020.html
RedHat Security Advisories: RHSA-2015:1021
http://rhn.redhat.com/errata/RHSA-2015-1021.html
RedHat Security Advisories: RHSA-2015:1091
http://rhn.redhat.com/errata/RHSA-2015-1091.html
RedHat Security Advisories: RHSA-2015:1228
http://rhn.redhat.com/errata/RHSA-2015-1228.html
RedHat Security Advisories: RHSA-2015:1229
http://rhn.redhat.com/errata/RHSA-2015-1229.html
RedHat Security Advisories: RHSA-2015:1230
http://rhn.redhat.com/errata/RHSA-2015-1230.html
RedHat Security Advisories: RHSA-2015:1241
http://rhn.redhat.com/errata/RHSA-2015-1241.html
RedHat Security Advisories: RHSA-2015:1242
http://rhn.redhat.com/errata/RHSA-2015-1242.html
RedHat Security Advisories: RHSA-2015:1243
http://rhn.redhat.com/errata/RHSA-2015-1243.html
RedHat Security Advisories: RHSA-2015:1526
http://rhn.redhat.com/errata/RHSA-2015-1526.html
http://www.securitytracker.com/id/1032599
http://www.securitytracker.com/id/1032600
http://www.securitytracker.com/id/1032707
http://www.securitytracker.com/id/1032708
http://www.securitytracker.com/id/1032734
http://www.securitytracker.com/id/1032788
http://www.securitytracker.com/id/1032858
http://www.securitytracker.com/id/1032868
http://www.securitytracker.com/id/1032910
http://www.securitytracker.com/id/1032990
http://www.securitytracker.com/id/1033071
http://www.securitytracker.com/id/1033072
http://www.securitytracker.com/id/1033386
http://www.securitytracker.com/id/1033415
http://www.securitytracker.com/id/1033431
http://www.securitytracker.com/id/1033432
http://www.securitytracker.com/id/1033737
http://www.securitytracker.com/id/1033769
http://www.securitytracker.com/id/1036222
SuSE Security Announcement: SUSE-SU-2015:1073 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html
SuSE Security Announcement: SUSE-SU-2015:1085 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html
SuSE Security Announcement: SUSE-SU-2015:1086 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html
SuSE Security Announcement: SUSE-SU-2015:1138 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html
SuSE Security Announcement: SUSE-SU-2015:1161 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html
SuSE Security Announcement: SUSE-SU-2015:1319 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html
SuSE Security Announcement: SUSE-SU-2015:1320 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html
SuSE Security Announcement: SUSE-SU-2015:2166 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html
SuSE Security Announcement: SUSE-SU-2015:2192 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html
SuSE Security Announcement: SUSE-SU-2016:0113 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html
SuSE Security Announcement: openSUSE-SU-2015:1288 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html
SuSE Security Announcement: openSUSE-SU-2015:1289 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html
http://www.ubuntu.com/usn/USN-2696-1
http://www.ubuntu.com/usn/USN-2706-1




© 1998-2021 E-Soft Inc. All rights reserved.