CVE-2015-2808

MEDIUM
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

References

http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html

http://marc.info/?l=bugtraq&m=143456209711959&w=2

http://marc.info/?l=bugtraq&m=143629696317098&w=2

http://marc.info/?l=bugtraq&m=143741441012338&w=2

http://marc.info/?l=bugtraq&m=143817021313142&w=2

http://marc.info/?l=bugtraq&m=143817899717054&w=2

http://marc.info/?l=bugtraq&m=143818140118771&w=2

http://marc.info/?l=bugtraq&m=144043644216842&w=2

http://marc.info/?l=bugtraq&m=144059660127919&w=2

http://marc.info/?l=bugtraq&m=144059703728085&w=2

http://marc.info/?l=bugtraq&m=144060576831314&w=2

http://marc.info/?l=bugtraq&m=144060606031437&w=2

http://marc.info/?l=bugtraq&m=144069189622016&w=2

http://marc.info/?l=bugtraq&m=144102017024820&w=2

http://marc.info/?l=bugtraq&m=144104533800819&w=2

http://marc.info/?l=bugtraq&m=144104565600964&w=2

http://marc.info/?l=bugtraq&m=144493176821532&w=2

http://rhn.redhat.com/errata/RHSA-2015-1006.html

http://rhn.redhat.com/errata/RHSA-2015-1007.html

http://rhn.redhat.com/errata/RHSA-2015-1020.html

http://rhn.redhat.com/errata/RHSA-2015-1021.html

http://rhn.redhat.com/errata/RHSA-2015-1091.html

http://rhn.redhat.com/errata/RHSA-2015-1228.html

http://rhn.redhat.com/errata/RHSA-2015-1229.html

http://rhn.redhat.com/errata/RHSA-2015-1230.html

http://rhn.redhat.com/errata/RHSA-2015-1241.html

http://rhn.redhat.com/errata/RHSA-2015-1242.html

http://rhn.redhat.com/errata/RHSA-2015-1243.html

http://rhn.redhat.com/errata/RHSA-2015-1526.html

http://www.debian.org/security/2015/dsa-3316

http://www.debian.org/security/2015/dsa-3339

http://www.huawei.com/en/psirt/security-advisories/hw-454055

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://www.securityfocus.com/bid/73684

http://www.securityfocus.com/bid/91787

http://www.securitytracker.com/id/1032599

http://www.securitytracker.com/id/1032600

http://www.securitytracker.com/id/1032707

http://www.securitytracker.com/id/1032708

http://www.securitytracker.com/id/1032734

http://www.securitytracker.com/id/1032788

http://www.securitytracker.com/id/1032858

http://www.securitytracker.com/id/1032868

http://www.securitytracker.com/id/1032910

http://www.securitytracker.com/id/1032990

http://www.securitytracker.com/id/1033071

http://www.securitytracker.com/id/1033072

http://www.securitytracker.com/id/1033386

http://www.securitytracker.com/id/1033415

http://www.securitytracker.com/id/1033431

http://www.securitytracker.com/id/1033432

http://www.securitytracker.com/id/1033737

http://www.securitytracker.com/id/1033769

http://www.securitytracker.com/id/1036222

http://www.ubuntu.com/usn/USN-2696-1

http://www.ubuntu.com/usn/USN-2706-1

http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888

http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892

http://www-01.ibm.com/support/docview.wss?uid=swg21883640

http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm

http://www-304.ibm.com/support/docview.wss?uid=swg21903565

http://www-304.ibm.com/support/docview.wss?uid=swg21960015

http://www-304.ibm.com/support/docview.wss?uid=swg21960769

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789

https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650

https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888

https://kb.juniper.net/JSA10783

https://kc.mcafee.com/corporate/index?page=content&id=SB10163

https://security.gentoo.org/glsa/201512-10

https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf

https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709

Details

Source: MITRE

Published: 2015-04-01

Updated: 2020-11-23

Type: CWE-327

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:oracle:communications_application_session_controller:*:*:*:*:*:*:*:* versions from 3.0.0 to 3.9.0 (inclusive)

cpe:2.3:a:oracle:communications_policy_management:*:*:*:*:*:*:*:*

cpe:2.3:a:oracle:http_server:11.1.1.7.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:http_server:11.1.1.9.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:http_server:12.1.3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:http_server:12.2.1.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:http_server:12.2.1.2.0:*:*:*:*:*:*:*

cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:*:*:*:*:*:*:*:* versions from 3.0.0 to 3.2.11 (inclusive)

cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:*:*:*:*:*:*:*:* versions from 4.0.0 to 4.0.4 (inclusive)

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:6.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.1:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*

cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*

cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*

Configuration 5

AND

OR

cpe:2.3:a:suse:manager:1.7:*:*:*:*:*:*:*

OR

cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*

Configuration 6

OR

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*

Configuration 7

AND

OR

cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*

OR

cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Configuration 8

AND

OR

cpe:2.3:o:fujitsu:sparc_enterprise_m3000_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:fujitsu:sparc_enterprise_m3000:-:*:*:*:*:*:*:*

Configuration 9

AND

OR

cpe:2.3:o:fujitsu:sparc_enterprise_m4000_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:fujitsu:sparc_enterprise_m4000:-:*:*:*:*:*:*:*

Configuration 10

AND

OR

cpe:2.3:o:fujitsu:sparc_enterprise_m5000_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:fujitsu:sparc_enterprise_m5000:-:*:*:*:*:*:*:*

Configuration 11

AND

OR

cpe:2.3:o:fujitsu:sparc_enterprise_m8000_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:fujitsu:sparc_enterprise_m8000:-:*:*:*:*:*:*:*

Configuration 12

AND

OR

cpe:2.3:o:fujitsu:sparc_enterprise_m9000_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:fujitsu:sparc_enterprise_m9000:-:*:*:*:*:*:*:*

Configuration 13

AND

OR

cpe:2.3:o:huawei:e6000_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:e6000:-:*:*:*:*:*:*:*

Configuration 14

AND

OR

cpe:2.3:o:huawei:e9000_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:e9000:-:*:*:*:*:*:*:*

Configuration 15

AND

OR

cpe:2.3:o:huawei:oceanstor_18500_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:oceanstor_18500:-:*:*:*:*:*:*:*

Configuration 16

AND

OR

cpe:2.3:o:huawei:oceanstor_18800_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:oceanstor_18800:-:*:*:*:*:*:*:*

Configuration 17

AND

OR

cpe:2.3:o:huawei:oceanstor_18800f_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:oceanstor_18800f:-:*:*:*:*:*:*:*

Configuration 18

AND

OR

cpe:2.3:o:huawei:oceanstor_9000_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:oceanstor_9000:-:*:*:*:*:*:*:*

Configuration 19

AND

OR

cpe:2.3:o:huawei:oceanstor_cse_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:oceanstor_cse:-:*:*:*:*:*:*:*

Configuration 20

AND

OR

cpe:2.3:o:huawei:oceanstor_hvs85t_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:oceanstor_hvs85t:-:*:*:*:*:*:*:*

Configuration 21

AND

OR

cpe:2.3:o:huawei:oceanstor_s2600t_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:oceanstor_s2600t:-:*:*:*:*:*:*:*

Configuration 22

AND

OR

cpe:2.3:o:huawei:oceanstor_s5500t_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:oceanstor_s5500t:-:*:*:*:*:*:*:*

Configuration 23

AND

OR

cpe:2.3:o:huawei:oceanstor_s5600t_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:oceanstor_s5600t:-:*:*:*:*:*:*:*

Configuration 24

AND

OR

cpe:2.3:o:huawei:oceanstor_s5800t_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:oceanstor_s5800t:-:*:*:*:*:*:*:*

Configuration 25

AND

OR

cpe:2.3:o:huawei:oceanstor_s6800t_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:oceanstor_s6800t:-:*:*:*:*:*:*:*

Configuration 26

AND

OR

cpe:2.3:o:huawei:oceanstor_vis6600t_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:oceanstor_vis6600t:-:*:*:*:*:*:*:*

Configuration 27

AND

OR

cpe:2.3:o:huawei:quidway_s9300_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:quidway_s9300:-:*:*:*:*:*:*:*

Configuration 28

AND

OR

cpe:2.3:o:huawei:s7700_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:s7700:-:*:*:*:*:*:*:*

Configuration 29

AND

OR

cpe:2.3:o:huawei:s7700_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:s7700:-:*:*:*:*:*:*:*

Configuration 30

AND

OR

cpe:2.3:o:huawei:9700_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:9700:-:*:*:*:*:*:*:*

Configuration 31

AND

OR

cpe:2.3:o:huawei:9700_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:9700:-:*:*:*:*:*:*:*

Configuration 32

AND

OR

cpe:2.3:o:huawei:s12700_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:s12700:-:*:*:*:*:*:*:*

Configuration 33

AND

OR

cpe:2.3:o:huawei:s12700_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:s12700:-:*:*:*:*:*:*:*

Configuration 34

AND

OR

cpe:2.3:o:huawei:s2700_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:s2700:-:*:*:*:*:*:*:*

Configuration 35

AND

OR

cpe:2.3:o:huawei:s3700_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:s3700:-:*:*:*:*:*:*:*

Configuration 36

AND

OR

cpe:2.3:o:huawei:s5700ei_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:s5700ei:-:*:*:*:*:*:*:*

Configuration 37

AND

OR

cpe:2.3:o:huawei:s5700hi_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:s5700hi:-:*:*:*:*:*:*:*

Configuration 38

AND

OR

cpe:2.3:o:huawei:s5700si_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:s5700si:-:*:*:*:*:*:*:*

Configuration 39

AND

OR

cpe:2.3:o:huawei:s5710ei_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:s5710ei:-:*:*:*:*:*:*:*

Configuration 40

AND

OR

cpe:2.3:o:huawei:s5710hi_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:s5710hi:-:*:*:*:*:*:*:*

Configuration 41

AND

OR

cpe:2.3:o:huawei:s6700_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:s6700:-:*:*:*:*:*:*:*

Configuration 42

AND

OR

cpe:2.3:o:huawei:s2750_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:s2750:-:*:*:*:*:*:*:*

Configuration 43

AND

OR

cpe:2.3:o:huawei:s5700li_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:s5700li:-:*:*:*:*:*:*:*

Configuration 44

AND

OR

cpe:2.3:o:huawei:s5700s-li_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:s5700s-li:-:*:*:*:*:*:*:*

Configuration 45

AND

OR

cpe:2.3:o:huawei:s5720hi_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:s5720hi:-:*:*:*:*:*:*:*

Configuration 46

AND

OR

cpe:2.3:o:huawei:s2750_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:s2750:-:*:*:*:*:*:*:*

Configuration 47

AND

OR

cpe:2.3:o:huawei:s5700li_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:s5700li:-:*:*:*:*:*:*:*

Configuration 48

AND

OR

cpe:2.3:o:huawei:s5700s-li_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:s5700s-li:-:*:*:*:*:*:*:*

Configuration 49

AND

OR

cpe:2.3:o:huawei:s5720hi_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:s5720hi:-:*:*:*:*:*:*:*

Configuration 50

AND

OR

cpe:2.3:o:huawei:s5720ei_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:s5720ei:-:*:*:*:*:*:*:*

Configuration 51

AND

OR

cpe:2.3:o:huawei:te60_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*

Configuration 52

OR

cpe:2.3:a:huawei:oceanstor_replicationdirector:v100r003c00:*:*:*:*:*:*:*

cpe:2.3:a:huawei:policy_center:v100r003c00:*:*:*:*:*:*:*

cpe:2.3:a:huawei:policy_center:v100r003c10:*:*:*:*:*:*:*

cpe:2.3:a:huawei:smc2.0:v100r002c01:*:*:*:*:*:*:*

cpe:2.3:a:huawei:smc2.0:v100r002c02:*:*:*:*:*:*:*

cpe:2.3:a:huawei:smc2.0:v100r002c03:*:*:*:*:*:*:*

cpe:2.3:a:huawei:smc2.0:v100r002c04:*:*:*:*:*:*:*

cpe:2.3:a:huawei:ultravr:v100r003c00:*:*:*:*:*:*:*

Configuration 53

OR

cpe:2.3:a:ibm:cognos_metrics_manager:10.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cognos_metrics_manager:10.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cognos_metrics_manager:10.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cognos_metrics_manager:10.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cognos_metrics_manager:10.2.2:*:*:*:*:*:*:*

Tenable Plugins

View all (88 total)

IDNameProductFamilySeverity
144303IBM HTTP Server 8.5.0.0 <= 8.5.5.5 / 8.0.0.0 <= 8.0.0.10 / 7.0.0.0 <= 7.0.0.37 Information Disclosure (260001)NessusWeb Servers
medium
700651Oracle Java SE Multiple 6 < Update 101 / 7 < Update 85 / 8 < Update 51 Multiple Vulnerabilities (July 2015 CPU) (Bar Mitzvah)Nessus Network MonitorWeb Clients
critical
119972SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2015:2192-1) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
119969SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2015:1345-1) (Bar Mitzvah) (Logjam)NessusSuSE Local Security Checks
low
119967SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2015:1161-1) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
106458SSL/TLS Services Support RC4 (PCI DSS)NessusGeneral
medium
105000Check Point Gaia Operating System Multiple Vulnerabilities (sk106499)NessusFirewalls
medium
9736Atlassian JIRA 6.4.x < 6.4.10 CSRF / XSRF (Bar Mitzvah)Nessus Network MonitorCGI
low
9716IBM WebSphere Application Server 8.5 < 8.5.5.6 Multiple Vulnerabilities (FREAK)Nessus Network MonitorWeb Servers
high
9713IBM WebSphere Application Server 8.0 < 8.0.0.11 Multiple Vulnerabilities (FREAK)Nessus Network MonitorWeb Servers
high
9700IBM WebSphere Application Server 7.0 < 7.0.0.39 Multiple Vulnerabilities (FREAK)Nessus Network MonitorWeb Servers
high
92542Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (July 2016 CPU)NessusWeb Servers
low
92045Cisco TelePresence VCS / Expressway 8.x < 8.8 Multiple Vulnerabilities (Bar Mitzvah)NessusCISCO
critical
91779Juniper Junos Space < 15.1R2 Multiple Vulnerabilities (JSA10727) (Bar Mitzvah) (Logjam)NessusJunos Local Security Checks
high
91633IBM Storwize SSL/TLS RC4 Stream Cipher Key Invariance (Bar Mitzvah)NessusMisc.
medium
90796HP Data Protector 7.0x < 7.03 build 108 / 8.1x < 8.15 / 9.0x < 9.06 Multiple Vulnerabilities (HPSBGN03580) (Bar Mitzvah)NessusMisc.
critical
9198IBM DB2 10.5 < Fix Pack 6 Multiple Vulnerabilities (Bar Mitzvah)Nessus Network MonitorDatabase
critical
9197IBM DB2 10.1 < Fix Pack 5 Multiple Vulnerabilities (Bar Mitzvah)Nessus Network MonitorDatabase
critical
88993AIX 7.1 TL 3 : bos.net.tcp.server (U867669) (Bar Mitzvah)NessusAIX Local Security Checks
medium
87914SUSE SLES10 Security Update : java-1_6_0-ibm (SUSE-SU-2016:0113-1) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
87765IBM DB2 10.5 < Fix Pack 7 Multiple Vulnerabilities (Bar Mitzvah) (FREAK) (Logjam)NessusWindows
high
87764IBM DB2 10.5 < Fix Pack 7 Multiple Vulnerabilities (Linux) (Bar Mitzvah) (FREAK) (Logjam)NessusDatabases
high
87710GLSA-201512-10 : Mozilla Products: Multiple vulnerabilities (Bar Mitzvah) (Logjam)NessusGentoo Local Security Checks
critical
87538IBM HTTP Server SSL/TLS RC4 Stream Cipher Key Invariance (Bar Mitzvah)NessusWeb Servers
medium
87218Atlassian JIRA < 6.4.10 / 7.0.0-OD-02 MitM Plaintext Disclosure (Bar Mitzvah)NessusCGI abuses
medium
87185AIX 6.1 TL 9 : bos.net.tcp.server (U863668) (Bar Mitzvah)NessusAIX Local Security Checks
medium
87180SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2015:2166-1) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
86569Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (October 2015 CPU)NessusWeb Servers
high
8970Apache HTTP Server 2.4.x < 2.4.16 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
medium
86010F5 Networks BIG-IP : SSL/TLS RC4 vulnerability (K16864) (Bar Mitzvah)NessusF5 Networks Local Security Checks
medium
86002IBM DB2 10.5 < Fix Pack 6 Multiple Vulnerabilities (Bar Mitzvah)NessusDatabases
critical
85869SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2015:1509-1) (Bar Mitzvah) (Logjam)NessusSuSE Local Security Checks
low
85695Debian DLA-303-1 : openjdk-6 security update (Bar Mitzvah) (Logjam)NessusDebian Local Security Checks
low
85631Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2015-586) (Bar Mitzvah) (Logjam)NessusAmazon Linux Local Security Checks
low
85588Debian DSA-3339-1 : openjdk-6 - security update (Bar Mitzvah) (Logjam)NessusDebian Local Security Checks
low
85379SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2015:1375-1) (Bar Mitzvah) (Logjam)NessusSuSE Local Security Checks
low
85265Ubuntu 12.04 LTS : openjdk-6 vulnerabilities (USN-2706-1) (Bar Mitzvah) (Logjam)NessusUbuntu Local Security Checks
low
85214SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2015:1331-1) (Bar Mitzvah) (Logjam)NessusSuSE Local Security Checks
low
85213SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2015:1329-1) (Bar Mitzvah) (Logjam)NessusSuSE Local Security Checks
low
85212Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x, SL7.x i386/x86_64 (20150730) (Bar Mitzvah) (Logjam)NessusScientific Linux Local Security Checks
low
85154Ubuntu 14.04 LTS / 15.04 : openjdk-7 vulnerabilities (USN-2696-1) (Bar Mitzvah) (Logjam)NessusUbuntu Local Security Checks
low
85153SUSE SLED11 Security Update : java-1_7_0-openjdk (SUSE-SU-2015:1320-1) (Bar Mitzvah) (Logjam)NessusSuSE Local Security Checks
low
85152SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2015:1319-1) (Bar Mitzvah) (Logjam)NessusSuSE Local Security Checks
low
85149RHEL 5 / 6 / 7 : java-1.6.0-openjdk (RHSA-2015:1526) (Bar Mitzvah) (Logjam)NessusRed Hat Local Security Checks
low
85137Oracle Linux 5 / 6 / 7 : java-1.6.0-openjdk (ELSA-2015-1526) (Bar Mitzvah) (Logjam)NessusOracle Linux Local Security Checks
low
85127CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2015:1526) (Bar Mitzvah) (Logjam)NessusCentOS Local Security Checks
low
85031Debian DSA-3316-1 : openjdk-7 - security update (Bar Mitzvah) (Logjam)NessusDebian Local Security Checks
low
85002openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2015-512) (Bar Mitzvah) (Logjam)NessusSuSE Local Security Checks
low
85001openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2015-511) (Bar Mitzvah) (Logjam)NessusSuSE Local Security Checks
low
84931Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2015-571) (Bar Mitzvah) (Logjam)NessusAmazon Linux Local Security Checks
medium
84930Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2015-570) (Bar Mitzvah) (Logjam)NessusAmazon Linux Local Security Checks
low
84873RHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2015:1243) (Bar Mitzvah) (Logjam)NessusRed Hat Local Security Checks
low
84872RHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2015:1242) (Bar Mitzvah) (Logjam)NessusRed Hat Local Security Checks
low
84871RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2015:1241) (Bar Mitzvah) (Logjam)NessusRed Hat Local Security Checks
low
84828IBM DB2 9.7 < Fix Pack 11 Multiple Vulnerabilities (Bar Mitzvah) (FREAK) (TLS POODLE)NessusDatabases
high
84826IBM DB2 10.1 < Fix Pack 5 Multiple Vulnerabilities (Bar Mitzvah)NessusDatabases
critical
84825Oracle Java SE Multiple Vulnerabilities (July 2015 CPU) (Unix) (Bar Mitzvah)NessusMisc.
critical
84824Oracle Java SE Multiple Vulnerabilities (July 2015 CPU) (Bar Mitzvah)NessusWindows
critical
84817Oracle Linux 5 : java-1.7.0-openjdk (ELSA-2015-1230) (Bar Mitzvah) (Logjam)NessusOracle Linux Local Security Checks
low
84808Oracle JRockit R28 < R28.3.7 Multiple Vulnerabilities (July 2015 CPU) (Bar Mitzvah) (Logjam)NessusWindows
high
84793Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (20150715) (Bar Mitzvah) (Logjam)NessusScientific Linux Local Security Checks
medium
84792Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x, SL7.x i386/x86_64 (20150715) (Bar Mitzvah) (Logjam)NessusScientific Linux Local Security Checks
low
84791Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x i386/x86_64 (20150715) (Bar Mitzvah) (Logjam)NessusScientific Linux Local Security Checks
low
84789RHEL 5 : java-1.7.0-openjdk (RHSA-2015:1230) (Bar Mitzvah) (Logjam)NessusRed Hat Local Security Checks
low
84788RHEL 6 / 7 : java-1.7.0-openjdk (RHSA-2015:1229) (Bar Mitzvah) (Logjam)NessusRed Hat Local Security Checks
low
84787RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2015:1228) (Bar Mitzvah) (Logjam)NessusRed Hat Local Security Checks
medium
84785Oracle Linux 6 / 7 : java-1.7.0-openjdk (ELSA-2015-1229) (Bar Mitzvah) (Logjam)NessusOracle Linux Local Security Checks
low
84784Oracle Linux 6 / 7 : java-1.8.0-openjdk (ELSA-2015-1228) (Bar Mitzvah) (Logjam)NessusOracle Linux Local Security Checks
medium
84772CentOS 5 : java-1.7.0-openjdk (CESA-2015:1230) (Bar Mitzvah) (Logjam)NessusCentOS Local Security Checks
low
84771CentOS 6 / 7 : java-1.7.0-openjdk (CESA-2015:1229) (Bar Mitzvah) (Logjam)NessusCentOS Local Security Checks
low
84770CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2015:1228) (Bar Mitzvah) (Logjam)NessusCentOS Local Security Checks
medium
84639IBM WebSphere Application Server 7.0 < 7.0.0.39 (FP39) / 8.0 < 8.0.0.11 (FP11) / 8.5 < 8.5.5.6 (FP6) Multiple Vulnerabilities (Bar Mitzvah) (FREAK)NessusWeb Servers
high
84441SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2015:1086-4) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
84425SUSE SLES10 Security Update : IBM Java (SUSE-SU-2015:1138-1) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
84423SUSE SLES11 Security Update : Java (SUSE-SU-2015:1086-3) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
84337SUSE SLES11 Security Update : IBM Java (SUSE-SU-2015:1086-2) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
84286SUSE SLES11 Security Update : IBM Java (SUSE-SU-2015:1086-1) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
84285SUSE SLES10 Security Update : IBM Java (SUSE-SU-2015:1085-1) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
84260SUSE SLES12 Security Update : java-1_7_0-ibm (SUSE-SU-2015:1073-1) (Bar Mitzvah)NessusSuSE Local Security Checks
critical
84143RHEL 5 / 6 : Red Hat Satellite IBM Java Runtime (RHSA-2015:1091) (Bar Mitzvah)NessusRed Hat Local Security Checks
critical
84087AIX Java Advisory : java_april2015_advisory.asc (Bar Mitzvah) (FREAK)NessusAIX Local Security Checks
critical
83754RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2015:1021) (Bar Mitzvah)NessusRed Hat Local Security Checks
critical
83753RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2015:1020) (Bar Mitzvah)NessusRed Hat Local Security Checks
critical
83433RHEL 5 : java-1.7.0-ibm (RHSA-2015:1007) (Bar Mitzvah)NessusRed Hat Local Security Checks
critical
83432RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2015:1006) (Bar Mitzvah)NessusRed Hat Local Security Checks
critical
83135AIX Java Advisory : Multiple Vulnerabilities (Bar Mitzvah)NessusAIX Local Security Checks
medium
81002Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2015 CPU)NessusWeb Servers
high
65821SSL RC4 Cipher Suites Supported (Bar Mitzvah)NessusGeneral
medium