CVE-2015-2808 : The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data duri

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

Published 2015-04-01 02:00:35

Updated 2023-09-07 17:15:38

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2015-2808

Probability of exploitation activity in the next 30 days: 0.30%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 65 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-2808

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2015-2808

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-2808

http://www.securitytracker.com/id/1032707

HP Discovery & Dependency Mapping Inventory (DDMI) TLS RC4 Algorithm Lets Remote Users Decrypt Data - SecurityTracker
Third Party Advisory;VDB Entry
http://www.securitytracker.com/id/1032734

IBM Tivoli Directory Server Multiple Flaws Let Remote Authenticated Users Execute Arbitrary Commands, Remote Users Obtain Information and Conduct Cross-Site Scripting Attacks, and Local Users Obtain I
Third Party Advisory;VDB Entry

CVEs referencing this url
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380

HPSBGN03352 rev.3 - HP Asset Manager Using RC4, Remote Disclosure of Information
Third Party Advisory
http://www.securitytracker.com/id/1032599

HP SiteScope TLS RC4 Algorithm Lets Remote Users Decrypt Data - SecurityTracker
Third Party Advisory;VDB Entry
http://www.ubuntu.com/usn/USN-2696-1

USN-2696-1: OpenJDK 7 vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://marc.info/?l=bugtraq&m=144069189622016&w=2

'[security bulletin] HPSBGN03402 rev.2 - HP Performance Manager, Remote Disclosure of Information' - MARC
Issue Tracking;Third Party Advisory

CVEs referencing this url
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650

HPSBGN03350 rev.2 - HP SiteScope Using RC4, Remote Disclosure of Information
Third Party Advisory
http://www.debian.org/security/2015/dsa-3339

Debian -- Security Information -- DSA-3339-1 openjdk-6
Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1032600

HP Service Manager SSLv3 RC4 Algorithm Lets Remote Users Decrypt Data - SecurityTracker
Third Party Advisory;VDB Entry
http://rhn.redhat.com/errata/RHSA-2015-1020.html

RHSA-2015:1020 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html

[security-announce] SUSE-SU-2015:1319-1: important: Security update for
Mailing List;Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-1526.html

RHSA-2015:1526 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://marc.info/?l=bugtraq&m=144493176821532&w=2

'[security bulletin] HPSBUX03512 SSRT102254 rev.1 - HP-UX Web Server Suite running Apache, Remote Den' - MARC
Issue Tracking;Third Party Advisory

CVEs referencing this url
http://marc.info/?l=bugtraq&m=143629696317098&w=2

'[security bulletin] HPSBGN03354 rev.1 - HP Connect-IT Using RC4, Remote Disclosure of Information' - MARC
Issue Tracking;Third Party Advisory
http://www.securitytracker.com/id/1033769

IBM Flex System Manager TLS RC4 Algorithm Lets Remote Users Decrypt Data - SecurityTracker
Third Party Advisory;VDB Entry
http://marc.info/?l=bugtraq&m=144104533800819&w=2

'[security bulletin] HPSBMU03401 rev.1 - HP Operations Manager for UNIX and Linux, Remote Unauthorize' - MARC
Issue Tracking;Third Party Advisory

CVEs referencing this url
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727

Juniper Networks - 2016-04 Security Bulletin: Junos Space: Multiple privilege escalation vulnerabilities in Junos Space
Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-1091.html

RHSA-2015:1091 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709

IBM Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Flex System Manager (FSM) (CVE-2015-2808)
Third Party Advisory
http://www.securitytracker.com/id/1036222

HPE Service Manager TLS RC4 Algorithm Lets Remote Users Decrypt Data - SecurityTracker
Third Party Advisory;VDB Entry
https://security.gentoo.org/glsa/201512-10

Mozilla Products: Multiple vulnerabilities (GLSA 201512-10) — Gentoo security
Third Party Advisory

CVEs referencing this url
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

cpuapr2016v3
Third Party Advisory

CVEs referencing this url
http://marc.info/?l=bugtraq&m=143741441012338&w=2

'[security bulletin] HPSBMU03377 rev.1 - HP Release Control running RC4, Remote Disclosure of Informa' - MARC
Issue Tracking;Third Party Advisory
http://www.securityfocus.com/bid/91787

Oracle July 2016 Critical Patch Update Multiple Vulnerabilities
Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.securitytracker.com/id/1032990

HP Release Control TLS RC4 Algorithm Lets Remote Users Decrypt Data - SecurityTracker
Third Party Advisory;VDB Entry
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Oracle Critical Patch Update - January 2018
Patch;Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1032708

HP Universal Configuration Management Database TLS RC4 Algorithm Lets Remote Users Decrypt Data - SecurityTracker
Third Party Advisory;VDB Entry
https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf

Technical Description;Third Party Advisory
http://marc.info/?l=bugtraq&m=144060606031437&w=2

'[security bulletin] HPSBGN03405 rev.1 - HP Integration Adaptor, Remote Unauthorized Modification, Di' - MARC
Issue Tracking;Third Party Advisory

CVEs referencing this url
http://marc.info/?l=bugtraq&m=143456209711959&w=2

'[security bulletin] HPSBGN03338 rev.1 - HP Service Manager running RC4, Remote Disclosure of Informa' - MARC
Issue Tracking;Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892

IBM IV71892: FIX SECURITY VULNERABILITY CVE-2015-2808
Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Juniper Networks - 2015-10 Security Bulletin: CTPView: Multiple Vulnerabilities in CTPView
Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-1007.html

RHSA-2015:1007 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1033072

HP Project and Portfolio Management Center TLS RC4 Algorithm Lets Remote Users Decrypt Data - SecurityTracker
Third Party Advisory;VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html

[security-announce] SUSE-SU-2015:1085-1: important: Security update for
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1033386

HP Network Node Manager i TLS RC4 Algorithm Lets Remote Users Decrypt Data - SecurityTracker
Third Party Advisory;VDB Entry
http://rhn.redhat.com/errata/RHSA-2015-1021.html

RHSA-2015:1021 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119

HPSBGN03407 rev.1 - HP Operations Manager for Windows, Remote Unauthorized Modification, Disclosure of Information
Third Party Advisory

CVEs referencing this url
http://www-304.ibm.com/support/docview.wss?uid=swg21960015

IBM Security Bulletin: Vulnerability in RC4 stream cipher affects Tivoli Netcool/OMNIbus (CVE-2015-2808)
Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10163

McAfee Security Bulletin: Network Data Loss Prevention update fixes CVE-2015-2808 and CVE-2008-5161
Broken Link

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-1242.html

RHSA-2015:1242 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://marc.info/?l=bugtraq&m=143817899717054&w=2

'[security bulletin] HPSBGN03367 rev.1 - HP TransactionVision with RC4 Stream Cipher, Remote Disclosu' - MARC
Issue Tracking;Third Party Advisory
http://www.securitytracker.com/id/1033432

HP Operations Manager for Windows TLS RC4 Algorithm Lets Remote Users Decrypt Data - SecurityTracker
Third Party Advisory;VDB Entry
http://www.debian.org/security/2015/dsa-3316

Debian -- Security Information -- DSA-3316-1 openjdk-7
Third Party Advisory

CVEs referencing this url
http://www-304.ibm.com/support/docview.wss?uid=swg21903565

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Metrics Manager (CVE-2015-0478, CVE-2015-0488, CVE-2015-2808)
Third Party Advisory

CVEs referencing this url
http://www.huawei.com/en/psirt/security-advisories/hw-454055

Security Advisory - Bar Mitzvah Attack Vulnerability in Huawei Products
Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789

HPSBUX03435 SSRT102977 rev.1 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS)
Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1033431

HP Operations Manager for Linux and UNIX TLS RC4 Algorithm Lets Remote Users Decrypt Data - SecurityTracker
Third Party Advisory;VDB Entry
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Oracle Critical Patch Update - October 2017
Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1032788

IBM Cognos Metrics Manager TLS RC4 Algorithm Lets Remote Users Decrypt Data - SecurityTracker
Third Party Advisory;VDB Entry
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Oracle Critical Patch Update - July 2016
Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-1228.html

RHSA-2015:1228 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-2706-1

USN-2706-1: OpenJDK 6 vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html

[security-announce] SUSE-SU-2015:1086-1: important: Security update for
Mailing List;Third Party Advisory

CVEs referencing this url
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034

HPSBST03418 rev.2 - HP P6000 Command View Software, Remote Disclosure of Information
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html

[security-announce] SUSE-SU-2015:1320-1: important: Security update for
Mailing List;Third Party Advisory

CVEs referencing this url
http://marc.info/?l=bugtraq&m=144102017024820&w=2

'[security bulletin] HPSBGN03407 rev.1 - HP Operations Manager for Windows, Remote Unauthorized Modif' - MARC
Issue Tracking;Third Party Advisory

CVEs referencing this url
https://www.secpod.com/blog/cve-2015-2808-bar-mitzvah-attack-in-rc4-2/

Bar Mitzvah Attack in RC4 (CVE-2015-2808) - SecPod Blog
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246

HPSBUX03512 SSRT102254 rev.2 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS) and Other Vulnerabilities
Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-1230.html

RHSA-2015:1230 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1032910

Oracle Java SE Multiple Flaws Lets Local and Remote Users Gain Elevated Privileges and Remote Users Partially Access Data, Modify Data, and Deny Service - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
https://kb.juniper.net/JSA10783

Juniper Networks - 2017-04 Security Bulletin: Multiple Vulnerabilities in NorthStar Controller Application before version 2.1.0 Service Pack 1.
Third Party Advisory

CVEs referencing this url
http://marc.info/?l=bugtraq&m=143817021313142&w=2

'[security bulletin] HPSBGN03372 rev.1 - HP Business Process Monitor using RC4, Remote Disclosure of ' - MARC
Issue Tracking;Third Party Advisory
http://www.securitytracker.com/id/1033071

IBM Systems Director TLS RC4 Algorithm Lets Remote Users Decrypt Data - SecurityTracker
Third Party Advisory;VDB Entry
http://www.securitytracker.com/id/1033737

HP P6000 Command View TLS RC4 Algorithm Lets Remote Users Decrypt Data - SecurityTracker
Third Party Advisory;VDB Entry
http://rhn.redhat.com/errata/RHSA-2015-1243.html

RHSA-2015:1243 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988

HPSBGN03580 rev.1 - HP Data Protector, Remote Code Execution, Remote Unauthorized Disclosure of Information
Third Party Advisory

CVEs referencing this url
http://marc.info/?l=bugtraq&m=144060576831314&w=2

'[security bulletin] HPSBGN03399 rev.1 - HP BSM Connector (BSMC), Remote Unauthorized Modification, D' - MARC
Issue Tracking;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html

[security-announce] SUSE-SU-2015:2192-1: important: Security update for
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html

[security-announce] SUSE-SU-2015:1138-1: important: Security update for
Mailing List;Third Party Advisory

CVEs referencing this url
http://www-304.ibm.com/support/docview.wss?uid=swg21960769

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool/OMNIbus (Multiple CVEs)
Third Party Advisory

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Oracle Critical Patch Update - July 2015
Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/73684

SSL/TLS RC4 CVE-2015-2808 Information Disclosure Weakness
Third Party Advisory;VDB Entry
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347

HPSBGN03627 rev.1 - HPE Service Manager using OpenSSL, Remote Disclosure of Information
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html

[security-announce] openSUSE-SU-2015:1289-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1032868

IBM Tivoli Netcool/OMNIbus TLS RC4 Algorithm Lets Remote Users Decrypt Data - SecurityTracker
Third Party Advisory;VDB Entry
http://www.securitytracker.com/id/1033415

HP Performance Manager TLS RC4 Algorithm Lets Remote Users Decrypt Data - SecurityTracker
Third Party Advisory;VDB Entry
http://rhn.redhat.com/errata/RHSA-2015-1229.html

RHSA-2015:1229 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://marc.info/?l=bugtraq&m=144104565600964&w=2

'[security bulletin] HPSBGN03403 rev.1 - HP Virtualization Performance Viewer, Remote Unauthorized Di' - MARC
Issue Tracking;Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html

[security-announce] SUSE-SU-2015:2166-1: important: Security update for
Mailing List;Third Party Advisory

CVEs referencing this url
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922

HP Support for Technical Help and Troubleshooting | HP® Customer Service.
Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256

HPSBGN03403 rev.1 - HP Virtualization Performance Viewer, Remote Unauthorized Disclosure of Information
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html

[security-announce] SUSE-SU-2015:1161-1: important: Security update for
Mailing List;Third Party Advisory

CVEs referencing this url
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241

HPSBMU03345 rev.1 - HP Network Node Manager i (NNMi) and Smart Plugins (iSPIs) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information, Unauthorized Modification
Third Party Advisory

CVEs referencing this url
http://marc.info/?l=bugtraq&m=143818140118771&w=2

'[security bulletin] HPSBGN03366 rev.1 - HP Business Process Insight with RC4 Stream Cipher, Remote D' - MARC
Issue Tracking;Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140

HPSBMU03401 rev.1 - HP Operations Manager for UNIX and Linux, Remote Unauthorized Modification, Disclosure of Information
Third Party Advisory

CVEs referencing this url
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935

HPSBHF03654 rev.1 - HPE iMC PLAT Network Products using SSL/TLS, Multiple Remote Vulnerabilities
Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-1241.html

RHSA-2015:1241 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1032858

IBM Tivoli Netcool/OMNIbus TLS RC4 Algorithm Lets Remote Users Decrypt Data - SecurityTracker
Third Party Advisory;VDB Entry
http://marc.info/?l=bugtraq&m=144059660127919&w=2

'[security bulletin] HPSBGN03414 rev.1 - HP Operations Agent, Remote Disclosure of Information' - MARC
Issue Tracking;Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190

HPSBGN03402 rev.2 - HP Performance Manager, Remote Disclosure of Information
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html

[security-announce] SUSE-SU-2016:0113-1: important: Security update for
Mailing List;Third Party Advisory

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888

IBM IV71888: FIX SECURITY VULNERABILITY CVE-2015-2808
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html

[security-announce] openSUSE-SU-2015:1288-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html

[security-announce] SUSE-SU-2015:1073-1: important:
Mailing List;Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-1006.html

RHSA-2015:1006 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://marc.info/?l=bugtraq&m=144059703728085&w=2

'[security bulletin] HPSBGN03415 rev.1 - HP Operations Agent Virtual Appliance, Remote Disclosure of ' - MARC
Issue Tracking;Third Party Advisory
http://marc.info/?l=bugtraq&m=144043644216842&w=2

'[security bulletin] HPSBMU03345 rev.1 - HP Network Node Manager i (NNMi) and Smart Plugins (iSPIs) f' - MARC
Issue Tracking;Third Party Advisory

CVEs referencing this url
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm

Security Advisory - Bar Mitzvah Attack Vulnerability in Huawei Products
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888

HPSBHF03673 rev.1 - HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Multiple Remote Vulnerabilities
Third Party Advisory

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg21883640

IBM Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition
Third Party Advisory

CVEs referencing this url

Products affected by CVE-2015-2808

IBM » Cognos Metrics Manager » Version: 10.1
cpe:2.3:a:ibm:cognos_metrics_manager:10.1:*:*:*:*:*:*:*
Matching versions
IBM » Cognos Metrics Manager » Version: 10.1.1
cpe:2.3:a:ibm:cognos_metrics_manager:10.1.1:*:*:*:*:*:*:*
Matching versions
IBM » Cognos Metrics Manager » Version: 10.2
cpe:2.3:a:ibm:cognos_metrics_manager:10.2:*:*:*:*:*:*:*
Matching versions
IBM » Cognos Metrics Manager » Version: 10.2.1
cpe:2.3:a:ibm:cognos_metrics_manager:10.2.1:*:*:*:*:*:*:*
Matching versions
IBM » Cognos Metrics Manager » Version: 10.2.2
cpe:2.3:a:ibm:cognos_metrics_manager:10.2.2:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 6.6
cpe:2.3:o:redhat:enterprise_linux_eus:6.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.5
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.1
cpe:2.3:o:redhat:enterprise_linux_eus:7.1:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.2
cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 6.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Satellite » Version: 5.6
cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Enterprise Linux » Version: 5.0
When used together with: Redhat » Enterprise Linux » Version: 6.0
Redhat » Satellite » Version: 5.7
cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Desktop » Version: 11 Update SP3
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Desktop » Version: 12
cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Desktop » Version: 11 Update SP4
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 10 Update SP4 Ltss Edition
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 11 Update SP3 For Vmware
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 11 Update SP1 Ltss Edition
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 11 Update SP2 Ltss Edition
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 12
cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*
Matching versions
Suse » Manager » Version: 1.7
cpe:2.3:a:suse:manager:1.7:*:*:*:*:*:*:*
Matching versions
When used together with: Suse » Linux Enterprise Server » Version: 11 Update SP2
Suse » Linux Enterprise Software Development Kit » Version: 11 Update SP3
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Software Development Kit » Version: 12
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Debuginfo » Version: 11 Update SP4
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Debuginfo » Version: 11 Update SP3
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*
Matching versions
Oracle » Http Server » Version: 11.1.1.7.0
cpe:2.3:a:oracle:http_server:11.1.1.7.0:*:*:*:*:*:*:*
Matching versions
Oracle » Http Server » Version: 11.1.1.9.0
cpe:2.3:a:oracle:http_server:11.1.1.9.0:*:*:*:*:*:*:*
Matching versions
Oracle » Http Server » Version: 12.1.3.0.0
cpe:2.3:a:oracle:http_server:12.1.3.0.0:*:*:*:*:*:*:*
Matching versions
Oracle » Http Server » Version: 12.2.1.1.0
cpe:2.3:a:oracle:http_server:12.2.1.1.0:*:*:*:*:*:*:*
Matching versions
Oracle » Http Server » Version: 12.2.1.2.0
cpe:2.3:a:oracle:http_server:12.2.1.2.0:*:*:*:*:*:*:*
Matching versions
Oracle » Integrated Lights Out Manager Firmware
Versions from including (>=) 3.0.0 and up to, including, (<=) 3.2.11
cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:*:*:*:*:*:*:*:*
Matching versions
Oracle » Integrated Lights Out Manager Firmware
Versions from including (>=) 4.0.0 and up to, including, (<=) 4.0.4
cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:*:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Policy Management
Versions before (<) 9.9.2
cpe:2.3:a:oracle:communications_policy_management:*:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Application Session Controller
Versions from including (>=) 3.0.0 and up to, including, (<=) 3.9.0
cpe:2.3:a:oracle:communications_application_session_controller:*:*:*:*:*:*:*:*
Matching versions
Fujitsu » Sparc Enterprise M3000 Firmware
Versions from including (>=) xcp and before (<) xcp_1121
cpe:2.3:o:fujitsu:sparc_enterprise_m3000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fujitsu » Sparc Enterprise M3000 » Version: N/A
Fujitsu » Sparc Enterprise M4000 Firmware
Versions from including (>=) xcp and before (<) xcp_1121
cpe:2.3:o:fujitsu:sparc_enterprise_m4000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fujitsu » Sparc Enterprise M4000 » Version: N/A
Fujitsu » Sparc Enterprise M5000 Firmware
Versions from including (>=) xcp and before (<) xcp_1121
cpe:2.3:o:fujitsu:sparc_enterprise_m5000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fujitsu » Sparc Enterprise M5000 » Version: N/A
Fujitsu » Sparc Enterprise M8000 Firmware
Versions from including (>=) xcp and before (<) xcp_1121
cpe:2.3:o:fujitsu:sparc_enterprise_m8000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fujitsu » Sparc Enterprise M8000 » Version: N/A
Fujitsu » Sparc Enterprise M9000 Firmware
Versions from including (>=) xcp and before (<) xcp_1121
cpe:2.3:o:fujitsu:sparc_enterprise_m9000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fujitsu » Sparc Enterprise M9000 » Version: N/A
Canonical » Ubuntu Linux » Version: 14.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 15.04
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
Matching versions
Huawei » Te60 Firmware » Version: N/A
cpe:2.3:o:huawei:te60_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Te60 » Version: N/A
Huawei » S7700 Firmware » Version: N/A
cpe:2.3:o:huawei:s7700_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S7700 » Version: N/A
Huawei » S5720ei Firmware » Version: N/A
cpe:2.3:o:huawei:s5720ei_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S5720ei » Version: N/A
Huawei » S5720hi Firmware » Version: N/A
cpe:2.3:o:huawei:s5720hi_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S5720hi » Version: N/A
Huawei » S12700 Firmware » Version: N/A
cpe:2.3:o:huawei:s12700_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S12700 » Version: N/A
Huawei » Policy Center » Version: V100r003c00
cpe:2.3:a:huawei:policy_center:v100r003c00:*:*:*:*:*:*:*
Matching versions
Huawei » Policy Center » Version: V100r003c10
cpe:2.3:a:huawei:policy_center:v100r003c10:*:*:*:*:*:*:*
Matching versions
Huawei » S6700 Firmware » Version: N/A
cpe:2.3:o:huawei:s6700_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S6700 » Version: N/A
Huawei » Quidway S9300 Firmware » Version: N/A
cpe:2.3:o:huawei:quidway_s9300_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Quidway S9300 » Version: N/A
Huawei » S2750 Firmware » Version: N/A
cpe:2.3:o:huawei:s2750_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S2750 » Version: N/A
Huawei » S2700 Firmware » Version: N/A
cpe:2.3:o:huawei:s2700_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S2700 » Version: N/A
Huawei » S3700 Firmware » Version: N/A
cpe:2.3:o:huawei:s3700_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S3700 » Version: N/A
Huawei » S5700ei Firmware » Version: N/A
cpe:2.3:o:huawei:s5700ei_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S5700ei » Version: N/A
Huawei » S5700si Firmware » Version: N/A
cpe:2.3:o:huawei:s5700si_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S5700si » Version: N/A
Huawei » S5700hi Firmware » Version: N/A
cpe:2.3:o:huawei:s5700hi_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S5700hi » Version: N/A
Huawei » S5710hi Firmware » Version: N/A
cpe:2.3:o:huawei:s5710hi_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S5710hi » Version: N/A
Huawei » S5700li Firmware » Version: N/A
cpe:2.3:o:huawei:s5700li_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S5700li » Version: N/A
Huawei » E6000 Firmware » Version: N/A
cpe:2.3:o:huawei:e6000_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » E6000 » Version: N/A
Huawei » E9000 Firmware » Version: N/A
cpe:2.3:o:huawei:e9000_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » E9000 » Version: N/A
Huawei » Oceanstor 18500 Firmware » Version: N/A
cpe:2.3:o:huawei:oceanstor_18500_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Oceanstor 18500 » Version: N/A
Huawei » Oceanstor 18800 Firmware » Version: N/A
cpe:2.3:o:huawei:oceanstor_18800_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Oceanstor 18800 » Version: N/A
Huawei » Oceanstor 18800f Firmware » Version: N/A
cpe:2.3:o:huawei:oceanstor_18800f_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Oceanstor 18800f » Version: N/A
Huawei » Oceanstor 9000 Firmware » Version: N/A
cpe:2.3:o:huawei:oceanstor_9000_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Oceanstor 9000 » Version: N/A
Huawei » Oceanstor Cse Firmware » Version: N/A
cpe:2.3:o:huawei:oceanstor_cse_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Oceanstor Cse » Version: N/A
Huawei » Oceanstor Hvs85t Firmware » Version: N/A
cpe:2.3:o:huawei:oceanstor_hvs85t_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Oceanstor Hvs85t » Version: N/A
Huawei » Oceanstor S2600t Firmware » Version: N/A
cpe:2.3:o:huawei:oceanstor_s2600t_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Oceanstor S2600t » Version: N/A
Huawei » Oceanstor S5500t Firmware » Version: N/A
cpe:2.3:o:huawei:oceanstor_s5500t_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Oceanstor S5500t » Version: N/A
Huawei » Oceanstor S5600t Firmware » Version: N/A
cpe:2.3:o:huawei:oceanstor_s5600t_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Oceanstor S5600t » Version: N/A
Huawei » Oceanstor S5800t Firmware » Version: N/A
cpe:2.3:o:huawei:oceanstor_s5800t_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Oceanstor S5800t » Version: N/A
Huawei » Oceanstor S6800t Firmware » Version: N/A
cpe:2.3:o:huawei:oceanstor_s6800t_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Oceanstor S6800t » Version: N/A
Huawei » Oceanstor Vis6600t Firmware » Version: N/A
cpe:2.3:o:huawei:oceanstor_vis6600t_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Oceanstor Vis6600t » Version: N/A
Huawei » 9700 Firmware » Version: N/A
cpe:2.3:o:huawei:9700_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » 9700 » Version: N/A
Huawei » S5710ei Firmware » Version: N/A
cpe:2.3:o:huawei:s5710ei_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S5710ei » Version: N/A
Huawei » S5700s-li Firmware » Version: N/A
cpe:2.3:o:huawei:s5700s-li_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S5700s-li » Version: N/A
Huawei » Oceanstor Replicationdirector » Version: V100r003c00
cpe:2.3:a:huawei:oceanstor_replicationdirector:v100r003c00:*:*:*:*:*:*:*
Matching versions
Huawei » Smc2.0 » Version: V100r002c01
cpe:2.3:a:huawei:smc2.0:v100r002c01:*:*:*:*:*:*:*
Matching versions
Huawei » Smc2.0 » Version: V100r002c02
cpe:2.3:a:huawei:smc2.0:v100r002c02:*:*:*:*:*:*:*
Matching versions
Huawei » Smc2.0 » Version: V100r002c03
cpe:2.3:a:huawei:smc2.0:v100r002c03:*:*:*:*:*:*:*
Matching versions
Huawei » Smc2.0 » Version: V100r002c04
cpe:2.3:a:huawei:smc2.0:v100r002c04:*:*:*:*:*:*:*
Matching versions
Huawei » Ultravr » Version: V100r003c00
cpe:2.3:a:huawei:ultravr:v100r003c00:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 13.2
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 13.1
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2015-2808

Exploit prediction scoring system (EPSS) score for CVE-2015-2808

CVSS scores for CVE-2015-2808

CWE ids for CVE-2015-2808

References for CVE-2015-2808

Products affected by CVE-2015-2808