CVE-2015-2808
Oracle Communications Application Session Controller 3.0.0-3.8.9 - Use of a Broken or Risky Cryptographic Algorithm
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
References (101)
Core References
Issue Tracking, Third Party Advisory vendor-advisory
http://marc.info/?l=bugtraq&m=143818140118771&w=2
Third Party Advisory vendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-1243.html
Third Party Advisory vendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-1007.html
Issue Tracking, Third Party Advisory vendor-advisory
http://marc.info/?l=bugtraq&m=143817899717054&w=2
Issue Tracking, Third Party Advisory vendor-advisory
http://marc.info/?l=bugtraq&m=144493176821532&w=2
Third Party Advisory vendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-1006.html
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1033737
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html
Issue Tracking, Third Party Advisory vendor-advisory
http://marc.info/?l=bugtraq&m=144060576831314&w=2
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1036222
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/201512-10
Third Party Advisory vendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-1229.html
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1032600
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1032910
Third Party Advisory vendor-advisory
http://www.ubuntu.com/usn/USN-2706-1
Third Party Advisory vendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-1526.html
Issue Tracking, Third Party Advisory vendor-advisory
http://marc.info/?l=bugtraq&m=143817021313142&w=2
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1032599
Issue Tracking, Third Party Advisory vendor-advisory
http://marc.info/?l=bugtraq&m=144104533800819&w=2
Issue Tracking, Third Party Advisory vendor-advisory
http://marc.info/?l=bugtraq&m=144043644216842&w=2
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1032734
Third Party Advisory vendor-advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1033769
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1032707
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html
Third Party Advisory vendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-1091.html
Issue Tracking, Third Party Advisory vendor-advisory
http://marc.info/?l=bugtraq&m=144069189622016&w=2
Third Party Advisory vendor-advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888
Third Party Advisory vendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-1228.html
Issue Tracking, Third Party Advisory vendor-advisory
http://marc.info/?l=bugtraq&m=144060606031437&w=2
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1032708
Third Party Advisory vendor-advisory
http://www.debian.org/security/2015/dsa-3316
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1033415
Issue Tracking, Third Party Advisory vendor-advisory
http://marc.info/?l=bugtraq&m=144104565600964&w=2
Issue Tracking, Third Party Advisory vendor-advisory
http://marc.info/?l=bugtraq&m=144102017024820&w=2
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1033432
Issue Tracking, Third Party Advisory vendor-advisory
http://marc.info/?l=bugtraq&m=143629696317098&w=2
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1032858
Third Party Advisory vendor-advisory
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1032788
Third Party Advisory vendor-advisory
http://www.ubuntu.com/usn/USN-2696-1
Third Party Advisory vendor-advisory
http://www.debian.org/security/2015/dsa-3339
Third Party Advisory vendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-1020.html
Third Party Advisory vendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-1242.html
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1033431
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1032868
Issue Tracking, Third Party Advisory vendor-advisory
http://marc.info/?l=bugtraq&m=144059703728085&w=2
Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/91787
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html
Third Party Advisory vendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-1241.html
Third Party Advisory vendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-1230.html
Issue Tracking, Third Party Advisory vendor-advisory
http://marc.info/?l=bugtraq&m=143456209711959&w=2
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1033386
Issue Tracking, Third Party Advisory vendor-advisory
http://marc.info/?l=bugtraq&m=143741441012338&w=2
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1033072
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html
Third Party Advisory vendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-1021.html
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html
Issue Tracking, Third Party Advisory vendor-advisory
http://marc.info/?l=bugtraq&m=144059660127919&w=2
Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/73684
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1032990
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1033071
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html
Third Party Advisory
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034
Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21883640
Third Party Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21903565
Third Party Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21960015
Third Party Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21960769
Third Party Advisory
http://www.huawei.com/en/psirt/security-advisories/hw-454055
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
Patch, Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
Third Party Advisory
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm
Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140
Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190
Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119
Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241
Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256
Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789
Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650
Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888
Third Party Advisory
https://kb.juniper.net/JSA10783
Third Party Advisory
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709
Technical Description, Third Party Advisory
https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf
Scores
EPSS: 0.3749
EPSS Percentile: 97.2%
Details
CWE: CWE-327
Status: published
Products (50)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 15.04
debian/debian_linux 7.0
debian/debian_linux 8.0
fujitsu/sparc_enterprise_m3000_firmware xcp - xcp_1121
fujitsu/sparc_enterprise_m4000_firmware xcp - xcp_1121
fujitsu/sparc_enterprise_m5000_firmware xcp - xcp_1121
fujitsu/sparc_enterprise_m8000_firmware xcp - xcp_1121
fujitsu/sparc_enterprise_m9000_firmware xcp - xcp_1121
... and 40 more
Published: Apr 01, 2015
Tracked Since: Feb 18, 2026