CVE-2015-2808

3.7 LOW

Published: April 01, 2015 Modified: May 28, 2026

Description

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034

Source: cve@mitre.org

Third Party Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Source: cve@mitre.org

Third Party Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html

Source: cve@mitre.org

Mailing List Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html

Source: cve@mitre.org

Mailing List Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html

Source: cve@mitre.org

Mailing List Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html

Source: cve@mitre.org

Mailing List Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html

Source: cve@mitre.org

Mailing List Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html

Source: cve@mitre.org

Mailing List Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html

Source: cve@mitre.org

Mailing List Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html

Source: cve@mitre.org

Mailing List Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html

Source: cve@mitre.org

Mailing List Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html

Source: cve@mitre.org

Mailing List Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html

Source: cve@mitre.org

Mailing List Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html

Source: cve@mitre.org

Mailing List Third Party Advisory

http://marc.info/?l=bugtraq&m=143456209711959&w=2

Source: cve@mitre.org

Issue Tracking Third Party Advisory

http://marc.info/?l=bugtraq&m=143629696317098&w=2

Source: cve@mitre.org

Issue Tracking Third Party Advisory

http://marc.info/?l=bugtraq&m=143741441012338&w=2

Source: cve@mitre.org

Issue Tracking Third Party Advisory

http://marc.info/?l=bugtraq&m=143817021313142&w=2

Source: cve@mitre.org

Issue Tracking Third Party Advisory

http://marc.info/?l=bugtraq&m=143817899717054&w=2

Source: cve@mitre.org

Issue Tracking Third Party Advisory

http://marc.info/?l=bugtraq&m=143818140118771&w=2

Source: cve@mitre.org

Issue Tracking Third Party Advisory

http://marc.info/?l=bugtraq&m=144043644216842&w=2

Source: cve@mitre.org

Issue Tracking Third Party Advisory

http://marc.info/?l=bugtraq&m=144059660127919&w=2

Source: cve@mitre.org

Issue Tracking Third Party Advisory

http://marc.info/?l=bugtraq&m=144059703728085&w=2

Source: cve@mitre.org

Issue Tracking Third Party Advisory

http://marc.info/?l=bugtraq&m=144060576831314&w=2

Source: cve@mitre.org

Issue Tracking Third Party Advisory

http://marc.info/?l=bugtraq&m=144060606031437&w=2

Source: cve@mitre.org

Issue Tracking Third Party Advisory

http://marc.info/?l=bugtraq&m=144069189622016&w=2

Source: cve@mitre.org

Issue Tracking Third Party Advisory

http://marc.info/?l=bugtraq&m=144102017024820&w=2

Source: cve@mitre.org

Issue Tracking Third Party Advisory

http://marc.info/?l=bugtraq&m=144104533800819&w=2

Source: cve@mitre.org

Issue Tracking Third Party Advisory

http://marc.info/?l=bugtraq&m=144104565600964&w=2

Source: cve@mitre.org

Issue Tracking Third Party Advisory

http://marc.info/?l=bugtraq&m=144493176821532&w=2

Source: cve@mitre.org

Issue Tracking Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1006.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1007.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1020.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1021.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1091.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1228.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1229.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1230.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1241.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1242.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1243.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1526.html

Source: cve@mitre.org

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888

Source: cve@mitre.org

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892

Source: cve@mitre.org

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21883640

Source: cve@mitre.org

Third Party Advisory

http://www-304.ibm.com/support/docview.wss?uid=swg21903565

Source: cve@mitre.org

Third Party Advisory

http://www-304.ibm.com/support/docview.wss?uid=swg21960015

Source: cve@mitre.org

Third Party Advisory

http://www-304.ibm.com/support/docview.wss?uid=swg21960769

Source: cve@mitre.org

Third Party Advisory

http://www.debian.org/security/2015/dsa-3316

Source: cve@mitre.org

Third Party Advisory

http://www.debian.org/security/2015/dsa-3339

Source: cve@mitre.org

Third Party Advisory

http://www.huawei.com/en/psirt/security-advisories/hw-454055

Source: cve@mitre.org

Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

Source: cve@mitre.org

Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Source: cve@mitre.org

Patch Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Source: cve@mitre.org

Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Source: cve@mitre.org

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/73684

Source: cve@mitre.org

Third Party Advisory VDB Entry

http://www.securityfocus.com/bid/91787

Source: cve@mitre.org

Third Party Advisory VDB Entry

http://www.securitytracker.com/id/1032599

Source: cve@mitre.org

Third Party Advisory VDB Entry

http://www.securitytracker.com/id/1032600

Source: cve@mitre.org

Third Party Advisory VDB Entry

http://www.securitytracker.com/id/1032707

Source: cve@mitre.org

Third Party Advisory VDB Entry

http://www.securitytracker.com/id/1032708

Source: cve@mitre.org

Third Party Advisory VDB Entry

http://www.securitytracker.com/id/1032734

Source: cve@mitre.org

Third Party Advisory VDB Entry

http://www.securitytracker.com/id/1032788

Source: cve@mitre.org

Third Party Advisory VDB Entry

http://www.securitytracker.com/id/1032858

Source: cve@mitre.org

Third Party Advisory VDB Entry

http://www.securitytracker.com/id/1032868

Source: cve@mitre.org

Third Party Advisory VDB Entry

http://www.securitytracker.com/id/1032910

Source: cve@mitre.org

Third Party Advisory VDB Entry

http://www.securitytracker.com/id/1032990

Source: cve@mitre.org

Third Party Advisory VDB Entry

http://www.securitytracker.com/id/1033071

Source: cve@mitre.org

Third Party Advisory VDB Entry

http://www.securitytracker.com/id/1033072

Source: cve@mitre.org

Third Party Advisory VDB Entry

http://www.securitytracker.com/id/1033386

Source: cve@mitre.org

Third Party Advisory VDB Entry

http://www.securitytracker.com/id/1033415

Source: cve@mitre.org

Third Party Advisory VDB Entry

http://www.securitytracker.com/id/1033431

Source: cve@mitre.org

Third Party Advisory VDB Entry

http://www.securitytracker.com/id/1033432

Source: cve@mitre.org

Third Party Advisory VDB Entry

http://www.securitytracker.com/id/1033737

Source: cve@mitre.org

Third Party Advisory VDB Entry

http://www.securitytracker.com/id/1033769

Source: cve@mitre.org

Third Party Advisory VDB Entry

http://www.securitytracker.com/id/1036222

Source: cve@mitre.org

Third Party Advisory VDB Entry

http://www.ubuntu.com/usn/USN-2696-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-2706-1

Source: cve@mitre.org

Third Party Advisory

http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm

Source: cve@mitre.org

Third Party Advisory

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922

Source: cve@mitre.org

Third Party Advisory

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140

Source: cve@mitre.org

Third Party Advisory

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190

Source: cve@mitre.org

Third Party Advisory

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119

Source: cve@mitre.org

Third Party Advisory

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241

Source: cve@mitre.org

Third Party Advisory

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256

Source: cve@mitre.org

Third Party Advisory

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246

Source: cve@mitre.org

Third Party Advisory

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789

Source: cve@mitre.org

Third Party Advisory

https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650

Source: cve@mitre.org

Third Party Advisory

https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380

Source: cve@mitre.org

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988

Source: cve@mitre.org

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347

Source: cve@mitre.org

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935

Source: cve@mitre.org

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888

Source: cve@mitre.org

Third Party Advisory

https://kb.juniper.net/JSA10783

Source: cve@mitre.org

Third Party Advisory

https://kc.mcafee.com/corporate/index?page=content&id=SB10163

Source: cve@mitre.org

Broken Link

https://security.gentoo.org/glsa/201512-10

Source: cve@mitre.org

Third Party Advisory

https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709

Source: cve@mitre.org

Third Party Advisory

https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf

Source: cve@mitre.org

Technical Description Third Party Advisory

https://www.secpod.com/blog/cve-2015-2808-bar-mitzvah-attack-in-rc4-2/

Source: cve@mitre.org

http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034