CVE-2015-2808
Vulnerability Summary
Description
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
CVSS Metrics
- v3.1 • LOW • Score: 3.7 • CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
- v2.0 • MEDIUM • Score: 5 • AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS Trends
Current EPSS score: 23.82% • Percentile: 96%
Techniques & Countermeasures
- CWE-327•Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.
Affected Systems
- canonical•ubuntu_linux
12.04 | 14.04 | 15.04
- debian•debian_linux
7.0 | 8.0
- fujitsu•sparc_enterprise_m3000_firmware
≥ xcp, < xcp_1121
- fujitsu•sparc_enterprise_m4000_firmware
≥ xcp, < xcp_1121
- fujitsu•sparc_enterprise_m5000_firmware
≥ xcp, < xcp_1121
- fujitsu•sparc_enterprise_m8000_firmware
≥ xcp, < xcp_1121
- fujitsu•sparc_enterprise_m9000_firmware
≥ xcp, < xcp_1121
- huawei•9700_firmware
na
- huawei•e6000_firmware
na
- huawei•e9000_firmware
na
- huawei•oceanstor_18500_firmware
na
- huawei•oceanstor_18800_firmware
na
- huawei•oceanstor_18800f_firmware
na
- huawei•oceanstor_9000_firmware
na
- huawei•oceanstor_cse_firmware
na
- huawei•oceanstor_hvs85t_firmware
na
- huawei•oceanstor_replicationdirector
v100r003c00
- huawei•oceanstor_s2600t_firmware
na
- huawei•oceanstor_s5500t_firmware
na
- huawei•oceanstor_s5600t_firmware
na
- huawei•oceanstor_s5800t_firmware
na
- huawei•oceanstor_s6800t_firmware
na
- huawei•oceanstor_vis6600t_firmware
na
- huawei•policy_center
v100r003c00 | v100r003c10
- huawei•quidway_s9300_firmware
na
- huawei•s12700_firmware
na
- huawei•s2700_firmware
na
- huawei•s2750_firmware
na
- huawei•s3700_firmware
na
- huawei•s5700ei_firmware
na
- huawei•s5700hi_firmware
na
- huawei•s5700li_firmware
na
- huawei•s5700s-li_firmware
na
- huawei•s5700si_firmware
na
- huawei•s5710ei_firmware
na
- huawei•s5710hi_firmware
na
- huawei•s5720ei_firmware
na
- huawei•s5720hi_firmware
na
- huawei•s6700_firmware
na
- huawei•s7700_firmware
na
- huawei•smc2.0
v100r002c01 | v100r002c02 | v100r002c03 | v100r002c04
- huawei•te60_firmware
na
- huawei•ultravr
v100r003c00
- ibm•cognos_metrics_manager
10.1 | 10.1.1 | 10.2 | 10.2.1 | 10.2.2
- opensuse•opensuse
13.1 | 13.2
- oracle•communications_application_session_controller
≥ 3.0.0, ≤ 3.9.0
- oracle•communications_policy_management
< 9.9.2
- oracle•http_server
11.1.1.7.0 | 11.1.1.9.0 | 12.1.3.0.0 | 12.2.1.1.0 | 12.2.1.2.0
- oracle•integrated_lights_out_manager_firmware
≥ 3.0.0, ≤ 3.2.11 | ≥ 4.0.0, ≤ 4.0.4
- redhat•enterprise_linux_desktop
5.0 | 6.0 | 7.0
Showing first 50 affected entries in server-rendered view.
References (101)
- http://marc.info/?l=bugtraq&m=143818140118771&w=2
- http://rhn.redhat.com/errata/RHSA-2015-1243.html
- http://rhn.redhat.com/errata/RHSA-2015-1007.html
- http://marc.info/?l=bugtraq&m=143817899717054&w=2
- http://marc.info/?l=bugtraq&m=144493176821532&w=2
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://rhn.redhat.com/errata/RHSA-2015-1006.html
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256
- https://kb.juniper.net/JSA10783
- http://www.securitytracker.com/id/1033737
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html
- http://marc.info/?l=bugtraq&m=144060576831314&w=2
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.securitytracker.com/id/1036222
- http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034
- http://www-304.ibm.com/support/docview.wss?uid=swg21960769
- https://security.gentoo.org/glsa/201512-10
- http://rhn.redhat.com/errata/RHSA-2015-1229.html
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650
- http://www.securitytracker.com/id/1032600
- http://www.securitytracker.com/id/1032910
- http://www.ubuntu.com/usn/USN-2706-1
- http://rhn.redhat.com/errata/RHSA-2015-1526.html
- http://marc.info/?l=bugtraq&m=143817021313142&w=2
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.securitytracker.com/id/1032599
- http://marc.info/?l=bugtraq&m=144104533800819&w=2
- http://www-304.ibm.com/support/docview.wss?uid=swg21903565
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380
- https://kc.mcafee.com/corporate/index?page=content&id=SB10163
- http://marc.info/?l=bugtraq&m=144043644216842&w=2
- http://www.securitytracker.com/id/1032734
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347
- http://www.securitytracker.com/id/1033769
- http://www.securitytracker.com/id/1032707
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html
- http://rhn.redhat.com/errata/RHSA-2015-1091.html
- http://marc.info/?l=bugtraq&m=144069189622016&w=2
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888
- http://rhn.redhat.com/errata/RHSA-2015-1228.html
- http://marc.info/?l=bugtraq&m=144060606031437&w=2
- http://www.securitytracker.com/id/1032708
- http://www.huawei.com/en/psirt/security-advisories/hw-454055
- http://www.debian.org/security/2015/dsa-3316
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.securitytracker.com/id/1033415
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
- https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709
- http://marc.info/?l=bugtraq&m=144104565600964&w=2
- http://www-01.ibm.com/support/docview.wss?uid=swg21883640
- http://marc.info/?l=bugtraq&m=144102017024820&w=2
- http://www.securitytracker.com/id/1033432
- http://marc.info/?l=bugtraq&m=143629696317098&w=2
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html
- http://www.securitytracker.com/id/1032858
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922
- http://www.securitytracker.com/id/1032788
- http://www.ubuntu.com/usn/USN-2696-1
- https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf
- http://www.debian.org/security/2015/dsa-3339
- http://rhn.redhat.com/errata/RHSA-2015-1020.html
- http://rhn.redhat.com/errata/RHSA-2015-1242.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html
- http://www.securitytracker.com/id/1033431
- http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988
- http://www.securitytracker.com/id/1032868
- http://marc.info/?l=bugtraq&m=144059703728085&w=2
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.securityfocus.com/bid/91787
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html
- http://rhn.redhat.com/errata/RHSA-2015-1241.html
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://rhn.redhat.com/errata/RHSA-2015-1230.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888
- http://marc.info/?l=bugtraq&m=143456209711959&w=2
- http://www.securitytracker.com/id/1033386
- http://marc.info/?l=bugtraq&m=143741441012338&w=2
- http://www.securitytracker.com/id/1033072
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119
- http://rhn.redhat.com/errata/RHSA-2015-1021.html
- http://www-304.ibm.com/support/docview.wss?uid=swg21960015
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html
- http://marc.info/?l=bugtraq&m=144059660127919&w=2
- http://www.securityfocus.com/bid/73684
- http://www.securitytracker.com/id/1032990
- http://www.securitytracker.com/id/1033071
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html
- https://www.secpod.com/blog/cve-2015-2808-bar-mitzvah-attack-in-rc4-2/