CVE-2015-2808
Description
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the Bar Mitzvah issue.
Risk Information
Base Score: 5.9 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 32.288
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Updates for Google Chrome (66.0.3359.170) | Windows |
| Updates for Google Chrome (x64) (66.0.3359.170) | Windows |
| Updates for Google Chrome (66.0.3359.181) | Windows |
| Updates for Google Chrome (x64) (66.0.3359.181) | Windows |
| Updates for Google Chrome (67.0.3396.62) | Windows |
| Updates for Google Chrome (x64) (67.0.3396.62) | Windows |
| Updates for Google Chrome (67.0.3396.79) | Windows |
| Updates for Google Chrome (x64) (67.0.3396.79) | Windows |
| Updates for Google Chrome (67.0.3396.87) | Windows |
| Updates for Google Chrome (x64) (67.0.3396.87) | Windows |
| Google Chrome (67.0.3396.99) | Windows |
| Google Chrome (x64) (67.0.3396.99) | Windows |
| Multiple vulnerabilities are fixed in IBM HTTP 8.0.0.9 | Windows |
| Multiple vulnerabilities are fixed in IBM HTTP 8.0.0.11 | Windows |
| Multiple vulnerabilities are fixed in IBM HTTP 7.0.0.33 | Windows |
| Vulnerabilities CVE-2015-2808,CVE-2014-8730,CVE-2013-6329 are fixed in IBM HTTP 8.5.5.2 | Windows |
| Multiple vulnerabilities are fixed in IBM HTTP 7.0.0.39 | Windows |
| Vulnerabilities CVE-2015-3183,CVE-2015-2808,CVE-2015-0138 are fixed in IBM HTTP 8.5.5.6 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 5.2 | Windows |
| Multiple vulnerabilities are affected in Oracle HTTP Server 11.1.1.9.0 | Windows |
| Multiple vulnerabilities are affected in Oracle HTTP Server 12.1.3.0.0 | Windows |
| Vulnerabilities CVE-2015-2808,CVE-2016-2183,CVE-2017-9798,CVE-2018-2561 are affected in Oracle HTTP Server 11.1.1.7.0 | Windows |
| Vulnerabilities CVE-2015-2808,CVE-2016-2183 are affected in Oracle HTTP Server 12.2.1.1.0 | Windows |
| Vulnerabilities CVE-2015-2808,CVE-2016-2183,CVE-2017-9798,CVE-2018-2561 are affected in Oracle HTTP Server 12.2.1.2.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.2.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.5 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.6 | Windows |
| Multiple Vulnerabilities are affected in IBM TXSeries for Multiplatforms 7.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.1.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 8.5 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 8.5.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.7 | Windows |
| Updates for Google Chrome (66.0.3359.170) (For Ubuntu) | Linux |
| Updates for Google Chrome (66.0.3359.170) (For Debian) | Linux |
| Updates for Google Chrome (66.0.3359.181) (For Debian) | Linux |
| Updates for Google Chrome (67.0.3396.62) (For Debian) | Linux |
| Updates for Google Chrome (67.0.3396.79) (For Debian) | Linux |
| Updates for Google Chrome (67.0.3396.87) (For Debian) | Linux |
| Google Chrome (67.0.3396.99) (For Debian) | Linux |
| Updates for Google Chrome (66.0.3359.170) (For Centos) | Linux |
| Updates for Google Chrome (66.0.3359.181) (For Centos) | Linux |
| Updates for Google Chrome (67.0.3396.62) (For Centos) | Linux |
| Updates for Google Chrome (67.0.3396.79) (For Centos) | Linux |
| Updates for Google Chrome (67.0.3396.87) (For Centos) | Linux |
| Google Chrome (67.0.3396.99) (For Centos) | Linux |
| Updates for Google Chrome (66.0.3359.170) (For RedHat) | Linux |
| Updates for Google Chrome (66.0.3359.181) (For RedHat) | Linux |
| Updates for Google Chrome (67.0.3396.62) (For RedHat) | Linux |
| Updates for Google Chrome (67.0.3396.79) (For RedHat) | Linux |
| Updates for Google Chrome (67.0.3396.87) (For RedHat) | Linux |
| Google Chrome (67.0.3396.99) (For RedHat) | Linux |
| Updates for Google Chrome (66.0.3359.170) (For Suse) | Linux |
| Updates for Google Chrome (66.0.3359.181) (For Suse) | Linux |
| Updates for Google Chrome (67.0.3396.62) (For Suse) | Linux |
| Updates for Google Chrome (67.0.3396.79) (For Suse) | Linux |
| Updates for Google Chrome (67.0.3396.87) (For Suse) | Linux |
| Google Chrome (67.0.3396.99) (For Suse) | Linux |
| Updates for Google Chrome (66.0.3359.181) (For Ubuntu) | Linux |
| Updates for Google Chrome (67.0.3396.62) (For Ubuntu) | Linux |
| Updates for Google Chrome (67.0.3396.79) (For Ubuntu) | Linux |
| Updates for Google Chrome (67.0.3396.87) (For Ubuntu) | Linux |
| Google Chrome (67.0.3396.99) (For Ubuntu) | Linux |
| Vulnerabilities CVE-2015-2808 are affected in oceanstor_replicationdirector v100r003c00 | NCM |
| Vulnerabilities CVE-2015-2808 ,CVE-2016-4058 are affected in policy_center v100r003c10 | NCM |
| Vulnerabilities CVE-2015-2808 ,CVE-2016-4058 are affected in policy_center v100r003c00 | NCM |
| Vulnerabilities CVE-2015-2808 are affected in smc2.0 v100r002c04 | NCM |
| Vulnerabilities CVE-2015-2808 are affected in smc2.0 v100r002c03 | NCM |
| Vulnerabilities CVE-2015-2808 are affected in smc2.0 v100r002c02 | NCM |
| Vulnerabilities CVE-2015-2808 are affected in smc2.0 v100r002c01 | NCM |
| Vulnerabilities CVE-2015-2808 are affected in ultravr v100r003c00 | NCM |
| Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2015-2808) | NCM |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-307513 | Updates for Google Chrome (66.0.3359.170) |
| PATCH-307515 | Updates for Google Chrome (x64) (66.0.3359.170) |
| PATCH-307534 | Updates for Google Chrome (66.0.3359.181) |
| PATCH-307535 | Updates for Google Chrome (x64) (66.0.3359.181) |
| PATCH-307607 | Updates for Google Chrome (67.0.3396.62) |
| PATCH-307608 | Updates for Google Chrome (x64) (67.0.3396.62) |
| PATCH-307641 | Updates for Google Chrome (67.0.3396.79) |
| PATCH-307644 | Updates for Google Chrome (x64) (67.0.3396.79) |
| PATCH-307660 | Updates for Google Chrome (67.0.3396.87) |
| PATCH-307662 | Updates for Google Chrome (x64) (67.0.3396.87) |
| PATCH-307715 | Google Chrome (67.0.3396.99) |
| PATCH-307716 | Google Chrome (x64) (67.0.3396.99) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234