CVE-2015-2808 in Oracle HTTP Serverinformación

Resumen (Inglés)

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

Reservar

2015-03-31

Divulgación

2015-03-31

Voces

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerabilidad	CWE	Exp	Con	CVE
108091	Oracle HTTP Server Web Listener cifrado débil	310	No está definido	Arreglo oficial	CVE-2015-2808
90107	Oracle SPARC Enterprise M Server cifrado débil	310	No está definido	Arreglo oficial	CVE-2015-2808
90007	Oracle Communications Policy Management Security cifrado débil	310	No está definido	Arreglo oficial	CVE-2015-2808
74133	TLS Protocol/SSL Protocol RC4 Encryption Bar Mitzvah Attack cifrado débil	310	No probado	Solución alternativa	CVE-2015-2808

Descripción

CPE

CWE

CVSS

Hazañas

Historia

Diferencia

Relacionar

Inteligencia de amenazas

API JSON

API XML

API CSV

◂ AnteriorVisión De ConjuntoPróximo ▸

Want to know what is going to be exploited?

We predict KEV entries!