
Test ID: 1.3.6.1.4.1.25623.1.0.105368
Category: F5 Local Security Checks
Title: F5 BIG-IP - SSL/TLS RC4 vulnerability CVE-2015-2808
Summary: The remote host is missing a security patch.
Description:

Vulnerability Insight:
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the 'Bar Mitzvah' issue. (CVE-2015-2808)

Vulnerability Impact:
Remote attackers may be able to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-2808
AIX APAR: IV71888
http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888
AIX APAR: IV71892
http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892
BugTraq ID: 73684
http://www.securityfocus.com/bid/73684
BugTraq ID: 91787
http://www.securityfocus.com/bid/91787
Debian Security Information: DSA-3316
http://www.debian.org/security/2015/dsa-3316
Debian Security Information: DSA-3339
http://www.debian.org/security/2015/dsa-3339
https://security.gentoo.org/glsa/201512-10
HPdes Security Advisory: HPSBGN03338
http://marc.info/?l=bugtraq&m=143456209711959&w=2
HPdes Security Advisory: HPSBGN03354
http://marc.info/?l=bugtraq&m=143629696317098&w=2
HPdes Security Advisory: HPSBGN03366
http://marc.info/?l=bugtraq&m=143818140118771&w=2
HPdes Security Advisory: HPSBGN03367
http://marc.info/?l=bugtraq&m=143817899717054&w=2
HPdes Security Advisory: HPSBGN03372
http://marc.info/?l=bugtraq&m=143817021313142&w=2
HPdes Security Advisory: HPSBGN03399
http://marc.info/?l=bugtraq&m=144060576831314&w=2
HPdes Security Advisory: HPSBGN03402
http://marc.info/?l=bugtraq&m=144069189622016&w=2
HPdes Security Advisory: HPSBGN03403
http://marc.info/?l=bugtraq&m=144104565600964&w=2
HPdes Security Advisory: HPSBGN03405
http://marc.info/?l=bugtraq&m=144060606031437&w=2
HPdes Security Advisory: HPSBGN03407
http://marc.info/?l=bugtraq&m=144102017024820&w=2
HPdes Security Advisory: HPSBGN03414
http://marc.info/?l=bugtraq&m=144059660127919&w=2
HPdes Security Advisory: HPSBGN03415
http://marc.info/?l=bugtraq&m=144059703728085&w=2
HPdes Security Advisory: HPSBMU03345
http://marc.info/?l=bugtraq&m=144043644216842&w=2
HPdes Security Advisory: HPSBMU03377
http://marc.info/?l=bugtraq&m=143741441012338&w=2
HPdes Security Advisory: HPSBMU03401
http://marc.info/?l=bugtraq&m=144104533800819&w=2
HPdes Security Advisory: HPSBUX03512
http://marc.info/?l=bugtraq&m=144493176821532&w=2
HPdes Security Advisory: SSRT102073
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922
HPdes Security Advisory: SSRT102127
HPdes Security Advisory: SSRT102129
HPdes Security Advisory: SSRT102133
HPdes Security Advisory: SSRT102150
HPdes Security Advisory: SSRT102254
https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf
RedHat Security Advisories: RHSA-2015:1006
http://rhn.redhat.com/errata/RHSA-2015-1006.html
RedHat Security Advisories: RHSA-2015:1007
http://rhn.redhat.com/errata/RHSA-2015-1007.html
RedHat Security Advisories: RHSA-2015:1020
http://rhn.redhat.com/errata/RHSA-2015-1020.html
RedHat Security Advisories: RHSA-2015:1021
http://rhn.redhat.com/errata/RHSA-2015-1021.html
RedHat Security Advisories: RHSA-2015:1091
http://rhn.redhat.com/errata/RHSA-2015-1091.html
RedHat Security Advisories: RHSA-2015:1228
http://rhn.redhat.com/errata/RHSA-2015-1228.html
RedHat Security Advisories: RHSA-2015:1229
http://rhn.redhat.com/errata/RHSA-2015-1229.html
RedHat Security Advisories: RHSA-2015:1230
http://rhn.redhat.com/errata/RHSA-2015-1230.html
RedHat Security Advisories: RHSA-2015:1241
http://rhn.redhat.com/errata/RHSA-2015-1241.html
RedHat Security Advisories: RHSA-2015:1242
http://rhn.redhat.com/errata/RHSA-2015-1242.html
RedHat Security Advisories: RHSA-2015:1243
http://rhn.redhat.com/errata/RHSA-2015-1243.html
RedHat Security Advisories: RHSA-2015:1526
http://rhn.redhat.com/errata/RHSA-2015-1526.html
http://www.securitytracker.com/id/1032599
http://www.securitytracker.com/id/1032600
http://www.securitytracker.com/id/1032707
http://www.securitytracker.com/id/1032708
http://www.securitytracker.com/id/1032734
http://www.securitytracker.com/id/1032788
http://www.securitytracker.com/id/1032858
http://www.securitytracker.com/id/1032868
http://www.securitytracker.com/id/1032910
http://www.securitytracker.com/id/1032990
http://www.securitytracker.com/id/1033071
http://www.securitytracker.com/id/1033072
http://www.securitytracker.com/id/1033386
http://www.securitytracker.com/id/1033415
http://www.securitytracker.com/id/1033431
http://www.securitytracker.com/id/1033432
http://www.securitytracker.com/id/1033737
http://www.securitytracker.com/id/1033769
http://www.securitytracker.com/id/1036222
SuSE Security Announcement: SUSE-SU-2015:1073
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html
SuSE Security Announcement: SUSE-SU-2015:1085
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html
SuSE Security Announcement: SUSE-SU-2015:1086
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html
SuSE Security Announcement: SUSE-SU-2015:1138
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html
SuSE Security Announcement: SUSE-SU-2015:1161
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html
SuSE Security Announcement: SUSE-SU-2015:1319
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html
SuSE Security Announcement: SUSE-SU-2015:1320
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html
SuSE Security Announcement: SUSE-SU-2015:2166
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html
SuSE Security Announcement: SUSE-SU-2015:2192
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html
SuSE Security Announcement: SUSE-SU-2016:0113
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html
SuSE Security Announcement: openSUSE-SU-2015:1288
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html
SuSE Security Announcement: openSUSE-SU-2015:1289
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html
http://www.ubuntu.com/usn/USN-2696-1
http://www.ubuntu.com/usn/USN-2706-1
Copyright: Copyright (C) 2015 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.