Lucene search

PRIOn knowledge basePRION:CVE-2015-2808

HistoryApr 01, 2015 - 2:00 a.m.

Design/Logic Flaw

2015-04-0102:00:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

68.9%

JSON

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the “Bar Mitzvah” issue.

CPENameOperatorVersion
ubuntu_linuxeq15.04
ubuntu_linuxeq12.04
ubuntu_linuxeq14.04
debian_linuxeq8.0
debian_linuxeq7.0
sparc_enterprise_m3000_firmwareeq>= xcp AND < xcp-1121
sparc_enterprise_m4000_firmwareeq>= xcp AND < xcp-1121
sparc_enterprise_m5000_firmwareeq>= xcp AND < xcp-1121
sparc_enterprise_m8000_firmwareeq>= xcp AND < xcp-1121
sparc_enterprise_m9000_firmwareeq>= xcp AND < xcp-1121

Name	Operator	Version
ubuntu_linux	eq	15.04
ubuntu_linux	eq	12.04
ubuntu_linux	eq	14.04
debian_linux	eq	8.0
debian_linux	eq	7.0
sparc_enterprise_m3000_firmware	eq	>= xcp AND < xcp-1121
sparc_enterprise_m4000_firmware	eq	>= xcp AND < xcp-1121
sparc_enterprise_m5000_firmware	eq	>= xcp AND < xcp-1121
sparc_enterprise_m8000_firmware	eq	>= xcp AND < xcp-1121
sparc_enterprise_m9000_firmware	eq	>= xcp AND < xcp-1121

Rows per page:

1-10 of 771

References

h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034

kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

kb.juniper.net/InfoCenter/index?page=content&id=JSA10727

lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html

lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html

rhn.redhat.com/errata/RHSA-2015-1006.html

rhn.redhat.com/errata/RHSA-2015-1007.html

rhn.redhat.com/errata/RHSA-2015-1020.html

rhn.redhat.com/errata/RHSA-2015-1021.html

rhn.redhat.com/errata/RHSA-2015-1091.html

rhn.redhat.com/errata/RHSA-2015-1228.html

rhn.redhat.com/errata/RHSA-2015-1229.html

rhn.redhat.com/errata/RHSA-2015-1230.html

rhn.redhat.com/errata/RHSA-2015-1241.html

rhn.redhat.com/errata/RHSA-2015-1242.html

rhn.redhat.com/errata/RHSA-2015-1243.html

rhn.redhat.com/errata/RHSA-2015-1526.html

www-01.ibm.com/support/docview.wss?uid=swg1IV71888

www-01.ibm.com/support/docview.wss?uid=swg1IV71892

www-01.ibm.com/support/docview.wss?uid=swg21883640

www-304.ibm.com/support/docview.wss?uid=swg21903565

www-304.ibm.com/support/docview.wss?uid=swg21960015

www-304.ibm.com/support/docview.wss?uid=swg21960769

www.debian.org/security/2015/dsa-3316

www.debian.org/security/2015/dsa-3339

www.huawei.com/en/psirt/security-advisories/hw-454055

www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

www.securityfocus.com/bid/73684

www.securityfocus.com/bid/91787

www.securitytracker.com/id/1032599

www.securitytracker.com/id/1032600

www.securitytracker.com/id/1032707

www.securitytracker.com/id/1032708

www.securitytracker.com/id/1032734

www.securitytracker.com/id/1032788

www.securitytracker.com/id/1032858

www.securitytracker.com/id/1032868

www.securitytracker.com/id/1032910

www.securitytracker.com/id/1032990

www.securitytracker.com/id/1033071

www.securitytracker.com/id/1033072

www.securitytracker.com/id/1033386

www.securitytracker.com/id/1033415

www.securitytracker.com/id/1033431

www.securitytracker.com/id/1033432

www.securitytracker.com/id/1033737

www.securitytracker.com/id/1033769

www.securitytracker.com/id/1036222

www.ubuntu.com/usn/USN-2696-1

www.ubuntu.com/usn/USN-2706-1

www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm

h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789

h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650

h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888

kb.juniper.net/JSA10783

kc.mcafee.com/corporate/index?page=content&id=SB10163

marc.info/?l=bugtraq&m=143456209711959&w=2

marc.info/?l=bugtraq&m=143629696317098&w=2

marc.info/?l=bugtraq&m=143741441012338&w=2

marc.info/?l=bugtraq&m=143817021313142&w=2

marc.info/?l=bugtraq&m=143817899717054&w=2

marc.info/?l=bugtraq&m=143818140118771&w=2

marc.info/?l=bugtraq&m=144043644216842&w=2

marc.info/?l=bugtraq&m=144059660127919&w=2

marc.info/?l=bugtraq&m=144059703728085&w=2

marc.info/?l=bugtraq&m=144060576831314&w=2

marc.info/?l=bugtraq&m=144060606031437&w=2

marc.info/?l=bugtraq&m=144069189622016&w=2

marc.info/?l=bugtraq&m=144102017024820&w=2

marc.info/?l=bugtraq&m=144104533800819&w=2

marc.info/?l=bugtraq&m=144104565600964&w=2

marc.info/?l=bugtraq&m=144493176821532&w=2

security.gentoo.org/glsa/201512-10

www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709

www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf

www.secpod.com/blog/cve-2015-2808-bar-mitzvah-attack-in-rc4-2/

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

68.9%

JSON

Related for PRION:CVE-2015-2808