CVE-2015-2808


The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.


Published

2015-04-01T02:00:35.097

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-327

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | oracle | communications_application_session_controller | ≤ 3.9.0 | Yes |
| Application | oracle | communications_policy_management | < 9.9.2 | Yes |
| Application | oracle | http_server | 11.1.1.7.0 | Yes |
| Application | oracle | http_server | 11.1.1.9.0 | Yes |
| Application | oracle | http_server | 12.1.3.0.0 | Yes |
| Application | oracle | http_server | 12.2.1.1.0 | Yes |
| Application | oracle | http_server | 12.2.1.2.0 | Yes |
| Operating System | oracle | integrated_lights_out_manager_firmware | ≤ 3.2.11 | Yes |
| Operating System | oracle | integrated_lights_out_manager_firmware | ≤ 4.0.4 | Yes |
| Operating System | debian | debian_linux | 7.0 | Yes |
| Operating System | debian | debian_linux | 8.0 | Yes |
| Application | redhat | satellite | 5.7 | Yes |
| Operating System | redhat | enterprise_linux_desktop | 5.0 | Yes |
| Operating System | redhat | enterprise_linux_desktop | 6.0 | Yes |
| Operating System | redhat | enterprise_linux_desktop | 7.0 | Yes |
| Operating System | redhat | enterprise_linux_eus | 6.6 | Yes |
| Operating System | redhat | enterprise_linux_eus | 7.1 | Yes |
| Operating System | redhat | enterprise_linux_eus | 7.2 | Yes |
| Operating System | redhat | enterprise_linux_eus | 7.3 | Yes |
| Operating System | redhat | enterprise_linux_eus | 7.4 | Yes |
| Operating System | redhat | enterprise_linux_eus | 7.5 | Yes |
| Operating System | redhat | enterprise_linux_eus | 7.6 | Yes |
| Operating System | redhat | enterprise_linux_eus | 7.7 | Yes |
| Operating System | redhat | enterprise_linux_server | 5.0 | Yes |
| Operating System | redhat | enterprise_linux_server | 6.0 | Yes |
| Operating System | redhat | enterprise_linux_server | 7.0 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 6.6 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 7.3 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 7.4 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 7.6 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 7.7 | Yes |
| Operating System | redhat | enterprise_linux_server_tus | 7.3 | Yes |
| Operating System | redhat | enterprise_linux_server_tus | 7.6 | Yes |
| Operating System | redhat | enterprise_linux_server_tus | 7.7 | Yes |
| Operating System | redhat | enterprise_linux_workstation | 5.0 | Yes |
| Operating System | redhat | enterprise_linux_workstation | 6.0 | Yes |
| Operating System | redhat | enterprise_linux_workstation | 7.0 | Yes |
| Application | suse | linux_enterprise_debuginfo | 11 | Yes |
| Application | suse | linux_enterprise_debuginfo | 11 | Yes |
| Operating System | opensuse | opensuse | 13.1 | Yes |
| Operating System | opensuse | opensuse | 13.2 | Yes |
| Operating System | suse | linux_enterprise_desktop | 11 | Yes |
| Operating System | suse | linux_enterprise_desktop | 11 | Yes |
| Operating System | suse | linux_enterprise_desktop | 12 | Yes |
| Operating System | suse | linux_enterprise_server | 10 | Yes |
| Operating System | suse | linux_enterprise_server | 11 | Yes |
| Operating System | suse | linux_enterprise_server | 11 | Yes |
| Operating System | suse | linux_enterprise_server | 11 | Yes |
| Operating System | suse | linux_enterprise_server | 12 | Yes |
| Operating System | suse | linux_enterprise_software_development_kit | 11 | Yes |
| Operating System | suse | linux_enterprise_software_development_kit | 12 | Yes |
| Application | suse | manager | 1.7 | Yes |
| Operating System | suse | linux_enterprise_server | 11 | No |
| Operating System | canonical | ubuntu_linux | 12.04 | Yes |
| Operating System | canonical | ubuntu_linux | 14.04 | Yes |
| Operating System | canonical | ubuntu_linux | 15.04 | Yes |
| Application | redhat | satellite | 5.6 | Yes |
| Operating System | redhat | enterprise_linux | 5.0 | No |
| Operating System | redhat | enterprise_linux | 6.0 | No |
| Operating System | fujitsu | sparc_enterprise_m3000_firmware | < xcp_1121 | Yes |
| Hardware | fujitsu | sparc_enterprise_m3000 | - | No |
| Operating System | fujitsu | sparc_enterprise_m4000_firmware | < xcp_1121 | Yes |
| Hardware | fujitsu | sparc_enterprise_m4000 | - | No |
| Operating System | fujitsu | sparc_enterprise_m5000_firmware | < xcp_1121 | Yes |
| Hardware | fujitsu | sparc_enterprise_m5000 | - | No |
| Operating System | fujitsu | sparc_enterprise_m8000_firmware | < xcp_1121 | Yes |
| Hardware | fujitsu | sparc_enterprise_m8000 | - | No |
| Operating System | fujitsu | sparc_enterprise_m9000_firmware | < xcp_1121 | Yes |
| Hardware | fujitsu | sparc_enterprise_m9000 | - | No |
| Operating System | huawei | e6000_firmware | - | Yes |
| Hardware | huawei | e6000 | - | No |
| Operating System | huawei | e9000_firmware | - | Yes |
| Hardware | huawei | e9000 | - | No |
| Operating System | huawei | oceanstor_18500_firmware | - | Yes |
| Hardware | huawei | oceanstor_18500 | - | No |
| Operating System | huawei | oceanstor_18800_firmware | - | Yes |
| Hardware | huawei | oceanstor_18800 | - | No |
| Operating System | huawei | oceanstor_18800f_firmware | - | Yes |
| Hardware | huawei | oceanstor_18800f | - | No |
| Operating System | huawei | oceanstor_9000_firmware | - | Yes |
| Hardware | huawei | oceanstor_9000 | - | No |
| Operating System | huawei | oceanstor_cse_firmware | - | Yes |
| Hardware | huawei | oceanstor_cse | - | No |
| Operating System | huawei | oceanstor_hvs85t_firmware | - | Yes |
| Hardware | huawei | oceanstor_hvs85t | - | No |
| Operating System | huawei | oceanstor_s2600t_firmware | - | Yes |
| Hardware | huawei | oceanstor_s2600t | - | No |
| Operating System | huawei | oceanstor_s5500t_firmware | - | Yes |
| Hardware | huawei | oceanstor_s5500t | - | No |
| Operating System | huawei | oceanstor_s5600t_firmware | - | Yes |
| Hardware | huawei | oceanstor_s5600t | - | No |
| Operating System | huawei | oceanstor_s5800t_firmware | - | Yes |
| Hardware | huawei | oceanstor_s5800t | - | No |
| Operating System | huawei | oceanstor_s6800t_firmware | - | Yes |
| Hardware | huawei | oceanstor_s6800t | - | No |
| Operating System | huawei | oceanstor_vis6600t_firmware | - | Yes |
| Hardware | huawei | oceanstor_vis6600t | - | No |
| Operating System | huawei | quidway_s9300_firmware | - | Yes |
| Hardware | huawei | quidway_s9300 | - | No |
| Operating System | huawei | s7700_firmware | - | Yes |
| Hardware | huawei | s7700 | - | No |
| Operating System | huawei | s7700_firmware | - | Yes |
| Hardware | huawei | s7700 | - | No |
| Operating System | huawei | 9700_firmware | - | Yes |
| Hardware | huawei | 9700 | - | No |
| Operating System | huawei | 9700_firmware | - | Yes |
| Hardware | huawei | 9700 | - | No |
| Operating System | huawei | s12700_firmware | - | Yes |
| Hardware | huawei | s12700 | - | No |
| Operating System | huawei | s12700_firmware | - | Yes |
| Hardware | huawei | s12700 | - | No |
| Operating System | huawei | s2700_firmware | - | Yes |
| Hardware | huawei | s2700 | - | No |
| Operating System | huawei | s3700_firmware | - | Yes |
| Hardware | huawei | s3700 | - | No |
| Operating System | huawei | s5700ei_firmware | - | Yes |
| Hardware | huawei | s5700ei | - | No |
| Operating System | huawei | s5700hi_firmware | - | Yes |
| Hardware | huawei | s5700hi | - | No |
| Operating System | huawei | s5700si_firmware | - | Yes |
| Hardware | huawei | s5700si | - | No |
| Operating System | huawei | s5710ei_firmware | - | Yes |
| Hardware | huawei | s5710ei | - | No |
| Operating System | huawei | s5710hi_firmware | - | Yes |
| Hardware | huawei | s5710hi | - | No |
| Operating System | huawei | s6700_firmware | - | Yes |
| Hardware | huawei | s6700 | - | No |
| Operating System | huawei | s2750_firmware | - | Yes |
| Hardware | huawei | s2750 | - | No |
| Operating System | huawei | s5700li_firmware | - | Yes |
| Hardware | huawei | s5700li | - | No |
| Operating System | huawei | s5700s-li_firmware | - | Yes |
| Hardware | huawei | s5700s-li | - | No |
| Operating System | huawei | s5720hi_firmware | - | Yes |
| Hardware | huawei | s5720hi | - | No |
| Operating System | huawei | s2750_firmware | - | Yes |
| Hardware | huawei | s2750 | - | No |
| Operating System | huawei | s5700li_firmware | - | Yes |
| Hardware | huawei | s5700li | - | No |
| Operating System | huawei | s5700s-li_firmware | - | Yes |
| Hardware | huawei | s5700s-li | - | No |
| Operating System | huawei | s5720hi_firmware | - | Yes |
| Hardware | huawei | s5720hi | - | No |
| Operating System | huawei | s5720ei_firmware | - | Yes |
| Hardware | huawei | s5720ei | - | No |
| Operating System | huawei | te60_firmware | - | Yes |
| Hardware | huawei | te60 | - | No |
| Application | huawei | oceanstor_replicationdirector | v100r003c00 | Yes |
| Application | huawei | policy_center | v100r003c00 | Yes |
| Application | huawei | policy_center | v100r003c10 | Yes |
| Application | huawei | smc2.0 | v100r002c01 | Yes |
| Application | huawei | smc2.0 | v100r002c02 | Yes |
| Application | huawei | smc2.0 | v100r002c03 | Yes |
| Application | huawei | smc2.0 | v100r002c04 | Yes |
| Application | huawei | ultravr | v100r003c00 | Yes |
| Application | ibm | cognos_metrics_manager | 10.1 | Yes |
| Application | ibm | cognos_metrics_manager | 10.1.1 | Yes |
| Application | ibm | cognos_metrics_manager | 10.2 | Yes |
| Application | ibm | cognos_metrics_manager | 10.2.1 | Yes |
| Application | ibm | cognos_metrics_manager | 10.2.2 | Yes |

References