CWE: 327

CVE-2015-2808

First published: Mon Mar 30 2015

It was discovered that the Invariance Weakness of the RC4 stream cipher could be used to recover plaintext from a TLS connection when RC4 encryption is used. "The Invariance Weakness is an L-shaped key pattern in RC4 keys which, once it exists in an RC4 key, preserves part of the state permutation intact throughout the initialization process. This intact part includes the least significant bits of the permutation, which, when processed by the PRGA algorithm, determine the least significant bits of the allegedly pseudo-random output stream along a long prefix of the stream." This can lead to significant leakage of plaintext bytes from the ciphertext. External reference: http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf

Credit: cve@mitre.org

Affected software | Affected version | How to fix
--- | --- | ---
redhat/java | <1.7.0-oracle-1:1.7.0.85-1jpp.1.el5_11 | 1.7.0-oracle-1:1.7.0.85-1jpp.1.el5_11
redhat/java | <1.6.0-sun-1:1.6.0.101-1jpp.1.el5_11 | 1.6.0-sun-1:1.6.0.101-1jpp.1.el5_11
redhat/java | <1.8.0-oracle-1:1.8.0.51-1jpp.2.el6_6 | 1.8.0-oracle-1:1.8.0.51-1jpp.2.el6_6
redhat/java | <1.7.0-oracle-1:1.7.0.85-1jpp.2.el6_6 | 1.7.0-oracle-1:1.7.0.85-1jpp.2.el6_6
redhat/java | <1.6.0-sun-1:1.6.0.101-1jpp.1.el6_6 | 1.6.0-sun-1:1.6.0.101-1jpp.1.el6_6
redhat/java | <1.8.0-oracle-1:1.8.0.51-1jpp.2.el7_1 | 1.8.0-oracle-1:1.8.0.51-1jpp.2.el7_1
redhat/java | <1.7.0-oracle-1:1.7.0.85-1jpp.2.el7_1 | 1.7.0-oracle-1:1.7.0.85-1jpp.2.el7_1
redhat/java | <1.6.0-sun-1:1.6.0.101-1jpp.1.el7_1 | 1.6.0-sun-1:1.6.0.101-1jpp.1.el7_1
redhat/java | <1.7.0-openjdk-1:1.7.0.85-2.6.1.3.el5_11 | 1.7.0-openjdk-1:1.7.0.85-2.6.1.3.el5_11
redhat/java | <1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el5_11 | 1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el5_11
redhat/java | <1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5 | 1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5
redhat/java | <1.7.0-ibm-1:1.7.0.9.0-1jpp.1.el5 | 1.7.0-ibm-1:1.7.0.9.0-1jpp.1.el5
redhat/java | <1.5.0-ibm-1:1.5.0.16.10-1jpp.1.el5 | 1.5.0-ibm-1:1.5.0.16.10-1jpp.1.el5
redhat/java | <1.8.0-openjdk-1:1.8.0.51-0.b16.el6_6 | 1.8.0-openjdk-1:1.8.0.51-0.b16.el6_6
redhat/java | <1.7.0-openjdk-1:1.7.0.85-2.6.1.3.el6_6 | 1.7.0-openjdk-1:1.7.0.85-2.6.1.3.el6_6
redhat/java | <1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el6_7 | 1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el6_7
redhat/java | <1.8.0-openjdk-1:1.8.0.51-1.b16.el7_1 | 1.8.0-openjdk-1:1.8.0.51-1.b16.el7_1
redhat/java | <1.7.0-openjdk-1:1.7.0.85-2.6.1.2.el7_1 | 1.7.0-openjdk-1:1.7.0.85-2.6.1.2.el7_1
redhat/java | <1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el7_1 | 1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el7_1
redhat/java | <1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6 | 1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6
redhat/java | <1.7.1-ibm-1:1.7.1.3.0-1jpp.2.el6_6 | 1.7.1-ibm-1:1.7.1.3.0-1jpp.2.el6_6
redhat/java | <1.5.0-ibm-1:1.5.0.16.10-1jpp.1.el6_6 | 1.5.0-ibm-1:1.5.0.16.10-1jpp.1.el6_6
redhat/java | <1.7.1-ibm-1:1.7.1.3.0-1jpp.2.el7_1 | 1.7.1-ibm-1:1.7.1.3.0-1jpp.2.el7_1
debian/openjdk-8 | | 8u442-ga-2
Oracle Communications Application Session Controller | >=3.0.0, <=3.9.0 |
Oracle Communications Policy Management | <9.9.2 |
Oracle HTTP Server | =11.1.1.7.0 |
Oracle HTTP Server | =11.1.1.9.0 |
Oracle HTTP Server | =12.1.3.0.0 |
Oracle HTTP Server | =12.2.1.1.0 |
Oracle HTTP Server | =12.2.1.2.0 |
Oracle Integrated Lights Out Manager | >=3.0.0, <=3.2.11 |
Oracle Integrated Lights Out Manager | >=4.0.0, <=4.0.4 |
Debian Linux | =7.0 |
Debian Linux | =8.0 |
Red Hat Satellite | =5.7 |
Red Hat Enterprise Linux Desktop | =5.0 |
Red Hat Enterprise Linux Desktop | =6.0 |
Red Hat Enterprise Linux Desktop | =7.0 |
Red Hat Enterprise Linux Server EUS | =6.6 |
Red Hat Enterprise Linux Server EUS | =7.1 |
Red Hat Enterprise Linux Server EUS | =7.2 |
Red Hat Enterprise Linux Server EUS | =7.3 |
Red Hat Enterprise Linux Server EUS | =7.4 |
Red Hat Enterprise Linux Server EUS | =7.5 |
Red Hat Enterprise Linux Server EUS | =7.6 |
Red Hat Enterprise Linux Server EUS | =7.7 |
Red Hat Enterprise Linux Server | =5.0 |
Red Hat Enterprise Linux Server | =6.0 |
Red Hat Enterprise Linux Server | =7.0 |
Red Hat Enterprise Linux Server | =6.6 |
Red Hat Enterprise Linux Server | =7.3 |
Red Hat Enterprise Linux Server | =7.4 |
Red Hat Enterprise Linux Server | =7.6 |
Red Hat Enterprise Linux Server | =7.7 |
Red Hat Enterprise Linux Workstation | =5.0 |
Red Hat Enterprise Linux Workstation | =6.0 |
Red Hat Enterprise Linux Workstation | =7.0 |
SUSE Linux Enterprise Debuginfo | =11-sp3 |
SUSE Linux Enterprise Debuginfo | =11-sp4 |
openSUSE | =13.1 |
openSUSE | =13.2 |
SUSE Linux Enterprise Desktop | =11-sp3 |
SUSE Linux Enterprise Desktop | =11-sp4 |
SUSE Linux Enterprise Desktop | =12 |
SUSE Linux Enterprise Server | =10-sp4 |
SUSE Linux Enterprise Server | =11-sp1 |
SUSE Linux Enterprise Server | =11-sp2 |
SUSE Linux Enterprise Server | =11-sp3 |
SUSE Linux Enterprise Server | =12 |
SUSE Linux Enterprise Software Development Kit | =11-sp3 |
SUSE Linux Enterprise Software Development Kit | =12 |
Ubuntu | =12.04 |
Ubuntu | =14.04 |
Ubuntu | =15.04 |
Huawei OceanStor ReplicationDirector | =v100r003c00 |
Huawei Policy Center | =v100r003c00 |
Huawei Policy Center | =v100r003c10 |
Huawei SMC2.0 firmware | =v100r002c01 |
Huawei SMC2.0 firmware | =v100r002c02 |
Huawei SMC2.0 firmware | =v100r002c03 |
Huawei SMC2.0 firmware | =v100r002c04 |
Huawei UltraVR | =v100r003c00 |
IBM Cognos Metrics Manager | =10.1 |
IBM Cognos Metrics Manager | =10.1.1 |
IBM Cognos Metrics Manager | =10.2 |
IBM Cognos Metrics Manager | =10.2.1 |
IBM Cognos Metrics Manager | =10.2.2 |

Affected configurations (each "All of" group is vulnerable only when its components are combined; "Any of" lists alternatives):

  • All of: SUSE Manager Server=1.7; SUSE Linux Enterprise Server=11-sp2
  • All of: Red Hat Satellite=5.6; any of: Red Hat Enterprise Linux=5.0, Red Hat Enterprise Linux=6.0
  • All of: Fujitsu SPARC Enterprise M3000 Firmware (>=xcp, <xcp_1121); Oracle SPARC Enterprise m3000 Server
  • All of: Fujitsu SPARC Enterprise M4000 Firmware (>=xcp, <xcp_1121); Fujitsu SPARC Enterprise M4000 Firmware
  • All of: Fujitsu SPARC Enterprise M5000 Firmware (>=xcp, <xcp_1121); Oracle SPARC Enterprise m5000 Server
  • All of: Fujitsu SPARC Enterprise M8000 Firmware (>=xcp, <xcp_1121); Fujitsu SPARC Enterprise M8000 Firmware
  • All of: Fujitsu SPARC Enterprise M9000 Firmware (>=xcp, <xcp_1121); Fujitsu SPARC Enterprise M9000 Firmware
  • All of: Huawei E6000 Chassis Firmware
  • All of: Huawei E9000 Firmware; Huawei Tecal E9000 Chassis
  • All of: Huawei OceanStor 18500 Firmware; Huawei OceanStor 18500 V3
  • All of: Huawei OceanStor 18800 V3
  • All of: Huawei OceanStor 18800 Firmware; Huawei OceanStor 18800F Firmware
  • All of: Huawei OceanStor 9000 Firmware; Huawei OceanStor 9000
  • All of: Huawei OceanStor CSE Firmware; Huawei OceanStor CSE
  • All of: Huawei OceanStor HVS85T Firmware
  • All of: Huawei OceanStor S2600T Firmware
  • All of: Huawei OceanStor S5500T Firmware
  • All of: Huawei OceanStor S5600T Firmware
  • All of: Huawei OceanStor S5800T Firmware
  • All of: Huawei OceanStor S6800T Firmware
  • All of: Huawei OceanStor VIS6600T Firmware
  • All of: Huawei Quidway S9300 Firmware; Huawei Quidway Service Process Unit Board S9300
  • All of: Huawei Campus S7700 firmware; Huawei Campus S7700
  • All of: Huawei LSW S9700 firmware; Huawei S9700
  • All of: Huawei S12700 Firmware
  • All of: Huawei S2700 Firmware
  • All of: Huawei S3700 Firmware
  • All of: Huawei S5700 Firmware; Huawei S5700EI Firmware
  • All of: Huawei S5700HI Firmware
  • All of: Huawei S5700 Firmware; Huawei S5700SI Firmware
  • All of: Huawei 5710EI Firmware
  • All of: Huawei S5710HI Firmware
  • All of: Huawei 6700EI Firmware; Huawei S6700 Firmware
  • All of: Huawei S2750EI Firmware; Huawei S2750 Firmware
  • All of: Huawei S5700 Firmware; Huawei S5700LI Firmware
  • All of: Huawei S5700LI Firmware
  • All of: Huawei S5720HI
  • All of: Huawei S5720EI; Huawei S5720EI Firmware
  • All of: Huawei TE60 Firmware

Frequently Asked Questions

  • What is the severity of CVE-2015-2808?

    The severity of CVE-2015-2808 is classified as high due to its potential to expose sensitive information by exploiting the RC4 stream cipher's weaknesses.

  • How do I fix CVE-2015-2808?

    To fix CVE-2015-2808, it is recommended to upgrade to a version of Java that does not use the RC4 cipher for TLS connections.

  • Which Java versions are affected by CVE-2015-2808?

    CVE-2015-2808 affects multiple Java versions including 1.5, 1.6, 1.7, and 1.8, particularly those using RC4 in their cipher suites.

  • What impact does CVE-2015-2808 have on TLS connections?

    CVE-2015-2808 can lead to the recovery of plaintext from TLS connections when vulnerable RC4 encryption is used, compromising data security.

  • Is there a workaround for CVE-2015-2808?

    A temporary workaround for CVE-2015-2808 is to disable RC4 encryption in your applications to mitigate the risk until an upgrade can be performed.

© 2025 SecAlerts Pty Ltd.