exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 41 RSS Feed

CVE-2015-2808

Status Candidate

Overview

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

Related Files

HP Security Bulletin HPSBHF03673 1
Posted Nov 24, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03673 1 - Security vulnerabilities in MD5 message digest algorithm and RC4 ciphersuite could potentially impact HPE Comware 5 and Comware 7 network products using SSL/TLS. These vulnerabilities could be exploited remotely to conduct spoofing attacks and plaintext recovery attacks resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory, spoof, vulnerability
advisories | CVE-2004-2761, CVE-2013-2566, CVE-2015-2808
SHA-256 | 602636acd9eb352dc892bc1bded1cab28642c3e6645b73e0d9f61fe6df4d7dd2
HP Security Bulletin HPSBHF03654 1
Posted Sep 27, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03654 1 - Potential security vulnerabilities have been identified with HPE iMC PLAT network products using SSL/TLS. These vulnerabilities could be exploited remotely resulting in disclosure of information and other impacts. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2004-2761, CVE-2013-2566, CVE-2015-2808
SHA-256 | e95853b077c436c5cb5faee1cb16a533e757741fc8e0f4554f5e9d9b4c3468ac
HP Security Bulletin HPSBGN03627 1
Posted Jul 1, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03627 1 - A potential security vulnerability has been identified with HPE Service Manager. This is the RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-2808
SHA-256 | 7c6ebe827eae0bacd2a4c46ef0accd6ec66d2c234787734246d6671b00c65198
HP Security Bulletin HPSBGN03580 1
Posted Apr 22, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03580 1 - Potential security vulnerabilities have been identified in HP Data Protector that could allow the remote execution of code or the unauthorized disclosure of information. Revision 1 of this advisory.

tags | advisory, remote, vulnerability
advisories | CVE-2015-2808, CVE-2016-2004, CVE-2016-2005, CVE-2016-2006, CVE-2016-2007, CVE-2016-2008
SHA-256 | fe555940ce11a58464ddf248fb5f34613b1577e3c29742dd8f78b82baddfc1de
HP Security Bulletin HPSBMU03377 2
Posted Mar 15, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03377 2 - A potential security vulnerability has been identified with HP Release Control running RC4. A vulnerability in SST/TLS RC4 stream cipher known as Bar Mitzah was addressed by HPE Release Control. The vulnerability could be exploited to allow remote disclosure of information. Revision 2 of this advisory.

tags | advisory, remote
advisories | CVE-2015-2808
SHA-256 | 4a94ecae79f15bff50ee993b4a368bc87c1663772c14a553a0431dd5b25590cc
HPE Security Bulletin HPSBUX03435 SSRT102977 1
Posted Jan 8, 2016
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPSBUX03435 SSRT102977 1 - Potential security vulnerabilities have been identified with HP-UX Web Server Suite running Apache on HP-UX 11iv3. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and other impacts including: The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Apache does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters. Revision 1 of this advisory.

tags | advisory, remote, web, denial of service, vulnerability
systems | hpux
advisories | CVE-2015-2808, CVE-2015-3183, CVE-2015-4000
SHA-256 | 918b77ebec19829d1b59175aae0a8ee89dbdd934b71e72c94b5d47c034841f94
HPE Security Bulletin HPSBUX03512 SSRT102254 1
Posted Oct 16, 2015
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPSBUX03512 SSRT102254 1 - Potential security vulnerabilities have been identified with HP-UX Web Server Suite running Apache. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and other impacts including.. - The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. - The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, web, denial of service, vulnerability
systems | hpux
advisories | CVE-2013-5704, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231, CVE-2015-2808, CVE-2015-3183, CVE-2015-4000
SHA-256 | 18b317e7f0098c34b8f49719b2e63ed788cd23d93ced85911b489c5da5329541
HP Security Bulletin HPSBST03418 2
Posted Oct 5, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03418 2 - A potential security vulnerabilities have been identified with HP P6000 Command View Software. They are the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", and the RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-3566, CVE-2015-2808
SHA-256 | 6fb29cdacf8c44002ac40358621b5a89aa23f2ebefe73090f8d2e3a3df310841
HP Security Bulletin HPSBGN03403 1
Posted Sep 1, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03403 1 - A potential security vulnerability has been identified in HP Virtualization Performance Viewer. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow unauthorized disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-2808
SHA-256 | 9a92f9f6d96f725621ef290428c6fdf73dfa32978dd5ea984e7a659490a23199
HP Security Bulletin HPSBMU03401 1
Posted Sep 1, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03401 1 - Potential security vulnerabilities have been identified in HP Operations Manager for UNIX and Linux. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
systems | linux, unix
advisories | CVE-2015-2808, CVE-2015-4000
SHA-256 | 990731097c8dd5c0abbddc2d403dc53d198b28babfc43cb719ca3cee44e06538
HP Security Bulletin HPSBGN03407 1
Posted Aug 28, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03407 1 - Potential security vulnerabilities have been identified in HP Operations Manager for Windows. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
systems | windows
advisories | CVE-2015-2808, CVE-2015-4000
SHA-256 | 67048196abdfa69916a6efa701454c95118f91f9cde4a4921506b10a0f9aca07
HP Security Bulletin HPSBGN03402 2
Posted Aug 27, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03402 2 - Potential security vulnerabilities have been identified in HP Performance Manager. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-2808, CVE-2015-4000
SHA-256 | 7255fe9b9e0c4dc2613a0fce0cf8175e66e35e1985b0c6504390b0105dfe41de
HP Security Bulletin HPSBGN03405 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03405 1 - Potential security vulnerabilities have been identified in HP Integration Adaptor. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-2808, CVE-2015-4000
SHA-256 | 0e6fc4e54f6c6314c75c0105e2ac65fd4c07dd8d8fb3eb8e90df6aa1a1f6a636
HP Security Bulletin HPSBGN03399 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03399 1 - Potential security vulnerabilities have been identified in HP BSM Connector (BSMC). The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-2808, CVE-2015-4000
SHA-256 | 84f3b874b3b98be0bf0823568c0e8846a56946be08587462ea7859e44fa6c5df
HP Security Bulletin HPSBGN03415 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03415 1 - Potential security vulnerabilities have been identified in HP Operations Agent Virtual Appliance. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-2808
SHA-256 | fe697ef6edf021eeaaa0c510a00b8027459e63c615ee0257cc4e7099c03d9fe1
HP Security Bulletin HPSBGN03414 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03414 1 - Potential security vulnerabilities have been identified in HP Operations Agent. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-2808
SHA-256 | bf90a44cb60c6e9039856d3da552a22356d63ab04ce1ca47af70fce3e6b2b9e1
HP Security Bulletin HPSBMU03345 1
Posted Aug 24, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03345 1 - Potential security vulnerabilities have been identified with HP Network Node Manager i and Smart Plugins (iSPIs). The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The SSLv3 vulnerability using US export-grade RSA encryption known as FREAK could be exploited remotely to allow unauthorized . Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-0204, CVE-2015-2808, CVE-2015-4000
SHA-256 | fe7f899b4850cb2631ccebca80f500545354289771cf98a3fb0cd9de9070a04d
Debian Security Advisory 3339-1
Posted Aug 21, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3339-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, denial of service or insecure cryptography.

tags | advisory, java, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2015-2590, CVE-2015-2601, CVE-2015-2613, CVE-2015-2621, CVE-2015-2625, CVE-2015-2628, CVE-2015-2632, CVE-2015-2808, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760
SHA-256 | cc5c31eaed80c0cd400ec91f3fd6136488f7855153b9eb4184a81e7c430e9138
Ubuntu Security Notice USN-2706-1
Posted Aug 7, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2706-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Several vulnerabilities were discovered in the cryptographic components of the OpenJDK JRE. An attacker could exploit these to expose sensitive data over the network. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2015-2590, CVE-2015-2601, CVE-2015-2613, CVE-2015-2621, CVE-2015-2625, CVE-2015-2628, CVE-2015-2632, CVE-2015-2808, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760
SHA-256 | 43d713d4f87bfbe8c290f9a1b71ea87bd7e27654c81117d2859669b12657800e
Red Hat Security Advisory 2015-1526-01
Posted Aug 3, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1526-01 - The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid.

tags | advisory, java, protocol
systems | linux, redhat
advisories | CVE-2015-2590, CVE-2015-2601, CVE-2015-2621, CVE-2015-2625, CVE-2015-2628, CVE-2015-2632, CVE-2015-2808, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760
SHA-256 | 28932cde7e1e54b5faa2a128d70fecb9ba81b65dd119ddde1d9ba9ffd2dfed25
Ubuntu Security Notice USN-2696-1
Posted Aug 3, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2696-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Several vulnerabilities were discovered in the cryptographic components of the OpenJDK JRE. An attacker could exploit these to expose sensitive data over the network. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2015-2590, CVE-2015-2601, CVE-2015-2613, CVE-2015-2621, CVE-2015-2625, CVE-2015-2628, CVE-2015-2632, CVE-2015-2808, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760
SHA-256 | 8ac70ef5d3ffc3c065a0c52d7f424e904636f1c7c4b12a1196a9cf9750c40c26
HP Security Bulletin HPSBGN03366 1
Posted Aug 3, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03366 1 - A potential security vulnerability has been identified with HP Business Process Insight. This is the RC4 vulnerability known as the Bar Mitzvah attack, which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-2808
SHA-256 | b918864d7cae5bf0425fd2d28c0c3223ad3d2d2b921317b80ddd094e6a36d29d
HP Security Bulletin HPSBGN03367 1
Posted Aug 3, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03367 1 - A potential security vulnerability has been identified with HP TransactionVision. This is the RC4 vulnerability known as the Bar Mitzvah attack, which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-2808
SHA-256 | 31eae33287034323bb0d9fd5c9218b3a0251c8fde99b7f03b778550f7585a298
HP Security Bulletin HPSBGN03372 1
Posted Jul 28, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03372 1 - A potential security vulnerability has been identified with HP Business Process Monitor. Note: This is the RC4 vulnerability known as Bar Mitzvah, which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-2808
SHA-256 | 9b73db045d143da79cc2c0b338b19a878898416fc761a2f8ac5e5472198a95e2
Debian Security Advisory 3316-1
Posted Jul 27, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3316-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, denial of service or insecure cryptography.

tags | advisory, java, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2014-8873, CVE-2015-0460, CVE-2015-0469, CVE-2015-0470, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-2590, CVE-2015-2601, CVE-2015-2613, CVE-2015-2621, CVE-2015-2625, CVE-2015-2628, CVE-2015-2632, CVE-2015-2808, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760
SHA-256 | 77f6084f42e84ac99b7ceff809ccb976e89d5a9bf14710928cf2e5b55b224527
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close