NVD脆弱性詳細

CVE-2015-2808

概要	The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
公表日	2015年4月1日11:00
登録日	2021年1月26日14:48
最終更新日	2024年11月21日11:28

CVSS2.0 : MEDIUM
スコア	5.0
ベクター	AV:N/AC:L/Au:N/C:P/I:N/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	なし
可用性への影響(A)	なし
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:oracle:http_server:11.1.1.9.0:::::::*
cpe:2.3:a:oracle:http_server:12.2.1.2.0:::::::*
cpe:2.3:a:oracle:http_server:12.1.3.0.0:::::::*
cpe:2.3:a:oracle:http_server:11.1.1.7.0:::::::*
cpe:2.3:o:oracle:integrated_lights_out_manager_firmware::::::::	4.0.0	4.0.4
cpe:2.3:o:oracle:integrated_lights_out_manager_firmware::::::::	3.0.0	3.2.11
cpe:2.3:a:oracle:communications_application_session_controller::::::::	3.0.0	3.9.0
cpe:2.3:a:oracle:http_server:12.2.1.1.0:::::::*
cpe:2.3:a:oracle:communications_policy_management::::::::				9.9.2

構成2	以上	以下	より上	未満
cpe:2.3:o:debian:debian_linux:8.0:::::::*
cpe:2.3:o:debian:debian_linux:7.0:::::::*

構成3	以上	以下	より上	未満
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
cpe:2.3:a:redhat:satellite:5.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.1:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:6.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*

構成4	以上	以下	より上	未満
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:::ltss:::*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3::::::
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3::::::
cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::vmware::*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4::::::
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3::::::
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4::::::
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:::ltss:::*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:::ltss:::*
cpe:2.3:o:opensuse:opensuse:13.1:::::::*
cpe:2.3:o:opensuse:opensuse:13.2:::::::*
cpe:2.3:o:suse:linux_enterprise_server:12:-::::::
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-::::::
cpe:2.3:o:suse:linux_enterprise_desktop:12:-::::::

構成5		以上	以下	より上	未満
cpe:2.3:a:suse:manager:1.7:::::::*
実行環境
1	cpe:2.3:o:suse:linux_enterprise_server:11:sp2::::-::*

構成6	以上	以下	より上	未満
cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::

構成7		以上	以下	より上	未満
cpe:2.3:a:redhat:satellite:5.6:::::::*
実行環境
1	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
2	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

構成8		以上	以下	より上	未満
cpe:2.3:o:fujitsu:sparc_enterprise_m3000_firmware::::::::		xcp			xcp_1121
実行環境
1	cpe:2.3:h:fujitsu:sparc_enterprise_m3000:-:::::::*

構成9		以上	以下	より上	未満
cpe:2.3:o:fujitsu:sparc_enterprise_m4000_firmware::::::::		xcp			xcp_1121
実行環境
1	cpe:2.3:h:fujitsu:sparc_enterprise_m4000:-:::::::*

構成10		以上	以下	より上	未満
cpe:2.3:o:fujitsu:sparc_enterprise_m5000_firmware::::::::		xcp			xcp_1121
実行環境
1	cpe:2.3:h:fujitsu:sparc_enterprise_m5000:-:::::::*

構成11		以上	以下	より上	未満
cpe:2.3:o:fujitsu:sparc_enterprise_m8000_firmware::::::::		xcp			xcp_1121
実行環境
1	cpe:2.3:h:fujitsu:sparc_enterprise_m8000:-:::::::*

構成12		以上	以下	より上	未満
cpe:2.3:o:fujitsu:sparc_enterprise_m9000_firmware::::::::		xcp			xcp_1121
実行環境
1	cpe:2.3:h:fujitsu:sparc_enterprise_m9000:-:::::::*

構成13		以上	以下	より上	未満
cpe:2.3:o:huawei:e6000_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:e6000:-:::::::*

構成14		以上	以下	より上	未満
cpe:2.3:o:huawei:e9000_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:e9000:-:::::::*

構成15		以上	以下	より上	未満
cpe:2.3:o:huawei:oceanstor_18500_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:oceanstor_18500:-:::::::*

構成16		以上	以下	より上	未満
cpe:2.3:o:huawei:oceanstor_18800_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:oceanstor_18800:-:::::::*

構成17		以上	以下	より上	未満
cpe:2.3:o:huawei:oceanstor_18800f_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:oceanstor_18800f:-:::::::*

構成18		以上	以下	より上	未満
cpe:2.3:o:huawei:oceanstor_9000_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:oceanstor_9000:-:::::::*

構成19		以上	以下	より上	未満
cpe:2.3:o:huawei:oceanstor_cse_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:oceanstor_cse:-:::::::*

構成20		以上	以下	より上	未満
cpe:2.3:o:huawei:oceanstor_hvs85t_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:oceanstor_hvs85t:-:::::::*

構成21		以上	以下	より上	未満
cpe:2.3:o:huawei:oceanstor_s2600t_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:oceanstor_s2600t:-:::::::*

構成22		以上	以下	より上	未満
cpe:2.3:o:huawei:oceanstor_s5500t_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:oceanstor_s5500t:-:::::::*

構成23		以上	以下	より上	未満
cpe:2.3:o:huawei:oceanstor_s5600t_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:oceanstor_s5600t:-:::::::*

構成24		以上	以下	より上	未満
cpe:2.3:o:huawei:oceanstor_s5800t_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:oceanstor_s5800t:-:::::::*

構成25		以上	以下	より上	未満
cpe:2.3:o:huawei:oceanstor_s6800t_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:oceanstor_s6800t:-:::::::*

構成26		以上	以下	より上	未満
cpe:2.3:o:huawei:oceanstor_vis6600t_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:oceanstor_vis6600t:-:::::::*

構成27		以上	以下	より上	未満
cpe:2.3:o:huawei:quidway_s9300_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:quidway_s9300:-:::::::*

構成28		以上	以下	より上	未満
cpe:2.3:o:huawei:s7700_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:s7700:-:::::::*

構成29		以上	以下	より上	未満
cpe:2.3:o:huawei:s7700_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:s7700:-:::::::*

構成30		以上	以下	より上	未満
cpe:2.3:o:huawei:9700_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:9700:-:::::::*

構成31		以上	以下	より上	未満
cpe:2.3:o:huawei:9700_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:9700:-:::::::*

構成32		以上	以下	より上	未満
cpe:2.3:o:huawei:s12700_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:s12700:-:::::::*

構成33		以上	以下	より上	未満
cpe:2.3:o:huawei:s12700_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:s12700:-:::::::*

構成34		以上	以下	より上	未満
cpe:2.3:o:huawei:s2700_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:s2700:-:::::::*

構成35		以上	以下	より上	未満
cpe:2.3:o:huawei:s3700_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:s3700:-:::::::*

構成36		以上	以下	より上	未満
cpe:2.3:o:huawei:s5700ei_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:s5700ei:-:::::::*

構成37		以上	以下	より上	未満
cpe:2.3:o:huawei:s5700hi_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:s5700hi:-:::::::*

構成38		以上	以下	より上	未満
cpe:2.3:o:huawei:s5700si_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:s5700si:-:::::::*

構成39		以上	以下	より上	未満
cpe:2.3:o:huawei:s5710ei_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:s5710ei:-:::::::*

構成40		以上	以下	より上	未満
cpe:2.3:o:huawei:s5710hi_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:s5710hi:-:::::::*

構成41		以上	以下	より上	未満
cpe:2.3:o:huawei:s6700_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:s6700:-:::::::*

構成42		以上	以下	より上	未満
cpe:2.3:o:huawei:s2750_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:s2750:-:::::::*

構成43		以上	以下	より上	未満
cpe:2.3:o:huawei:s5700li_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:s5700li:-:::::::*

構成44		以上	以下	より上	未満
cpe:2.3:o:huawei:s5700s-li_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:s5700s-li:-:::::::*

構成45		以上	以下	より上	未満
cpe:2.3:o:huawei:s5720hi_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:s5720hi:-:::::::*

構成46		以上	以下	より上	未満
cpe:2.3:o:huawei:s2750_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:s2750:-:::::::*

構成47		以上	以下	より上	未満
cpe:2.3:o:huawei:s5700li_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:s5700li:-:::::::*

構成48		以上	以下	より上	未満
cpe:2.3:o:huawei:s5700s-li_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:s5700s-li:-:::::::*

構成49		以上	以下	より上	未満
cpe:2.3:o:huawei:s5720hi_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:s5720hi:-:::::::*

構成50		以上	以下	より上	未満
cpe:2.3:o:huawei:s5720ei_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:s5720ei:-:::::::*

構成51		以上	以下	より上	未満
cpe:2.3:o:huawei:te60_firmware:-:::::::*
実行環境
1	cpe:2.3:h:huawei:te60:-:::::::*

構成52	以上	以下	より上	未満
cpe:2.3:a:huawei:policy_center:v100r003c10:::::::*
cpe:2.3:a:huawei:policy_center:v100r003c00:::::::*
cpe:2.3:a:huawei:smc2.0:v100r002c01:::::::*
cpe:2.3:a:huawei:smc2.0:v100r002c02:::::::*
cpe:2.3:a:huawei:smc2.0:v100r002c03:::::::*
cpe:2.3:a:huawei:smc2.0:v100r002c04:::::::*
cpe:2.3:a:huawei:ultravr:v100r003c00:::::::*
cpe:2.3:a:huawei:oceanstor_replicationdirector:v100r003c00:::::::*

構成53	以上	以下	より上	未満
cpe:2.3:a:ibm:cognos_metrics_manager:10.2.1:::::::*
cpe:2.3:a:ibm:cognos_metrics_manager:10.2:::::::*
cpe:2.3:a:ibm:cognos_metrics_manager:10.1.1:::::::*
cpe:2.3:a:ibm:cognos_metrics_manager:10.1:::::::*
cpe:2.3:a:ibm:cognos_metrics_manager:10.2.2:::::::*

関連情報、対策とツール

No	URL	タグ
1	http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034	Third Party Advisory
2	http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034	Third Party Advisory
3	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705	Third Party Advisory
4	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705	Third Party Advisory
5	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727	Third Party Advisory
6	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727	Third Party Advisory
7	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html	Mailing List Third Party Advisory
8	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html	Mailing List Third Party Advisory
9	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html	Mailing List Third Party Advisory
10	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html	Mailing List Third Party Advisory
11	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html	Mailing List Third Party Advisory
12	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html	Mailing List Third Party Advisory
13	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html	Mailing List Third Party Advisory
14	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html	Mailing List Third Party Advisory
15	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html	Mailing List Third Party Advisory
16	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html	Mailing List Third Party Advisory
17	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html	Mailing List Third Party Advisory
18	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html	Mailing List Third Party Advisory
19	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html	Mailing List Third Party Advisory
20	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html	Mailing List Third Party Advisory
21	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html	Mailing List Third Party Advisory
22	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html	Mailing List Third Party Advisory
23	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html	Mailing List Third Party Advisory
24	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html	Mailing List Third Party Advisory
25	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html	Mailing List Third Party Advisory
26	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html	Mailing List Third Party Advisory
27	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html	Mailing List Third Party Advisory
28	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html	Mailing List Third Party Advisory
29	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html	Mailing List Third Party Advisory
30	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html	Mailing List Third Party Advisory
31	http://marc.info/?l=bugtraq&m=143456209711959&w=2	Issue Tracking Third Party Advisory
32	http://marc.info/?l=bugtraq&m=143456209711959&w=2	Issue Tracking Third Party Advisory
33	http://marc.info/?l=bugtraq&m=143629696317098&w=2	Issue Tracking Third Party Advisory
34	http://marc.info/?l=bugtraq&m=143629696317098&w=2	Issue Tracking Third Party Advisory
35	http://marc.info/?l=bugtraq&m=143741441012338&w=2	Issue Tracking Third Party Advisory
36	http://marc.info/?l=bugtraq&m=143741441012338&w=2	Issue Tracking Third Party Advisory
37	http://marc.info/?l=bugtraq&m=143741441012338&w=2	Issue Tracking Third Party Advisory
38	http://marc.info/?l=bugtraq&m=143741441012338&w=2	Issue Tracking Third Party Advisory
39	http://marc.info/?l=bugtraq&m=143817021313142&w=2	Issue Tracking Third Party Advisory
40	http://marc.info/?l=bugtraq&m=143817021313142&w=2	Issue Tracking Third Party Advisory
41	http://marc.info/?l=bugtraq&m=143817021313142&w=2	Issue Tracking Third Party Advisory
42	http://marc.info/?l=bugtraq&m=143817021313142&w=2	Issue Tracking Third Party Advisory
43	http://marc.info/?l=bugtraq&m=143817899717054&w=2	Issue Tracking Third Party Advisory
44	http://marc.info/?l=bugtraq&m=143817899717054&w=2	Issue Tracking Third Party Advisory
45	http://marc.info/?l=bugtraq&m=143817899717054&w=2	Issue Tracking Third Party Advisory
46	http://marc.info/?l=bugtraq&m=143817899717054&w=2	Issue Tracking Third Party Advisory
47	http://marc.info/?l=bugtraq&m=143818140118771&w=2	Issue Tracking Third Party Advisory
48	http://marc.info/?l=bugtraq&m=143818140118771&w=2	Issue Tracking Third Party Advisory
49	http://marc.info/?l=bugtraq&m=143818140118771&w=2	Issue Tracking Third Party Advisory
50	http://marc.info/?l=bugtraq&m=143818140118771&w=2	Issue Tracking Third Party Advisory
51	http://marc.info/?l=bugtraq&m=144043644216842&w=2	Issue Tracking Third Party Advisory
52	http://marc.info/?l=bugtraq&m=144043644216842&w=2	Issue Tracking Third Party Advisory
53	http://marc.info/?l=bugtraq&m=144059660127919&w=2	Issue Tracking Third Party Advisory
54	http://marc.info/?l=bugtraq&m=144059660127919&w=2	Issue Tracking Third Party Advisory
55	http://marc.info/?l=bugtraq&m=144059703728085&w=2	Issue Tracking Third Party Advisory
56	http://marc.info/?l=bugtraq&m=144059703728085&w=2	Issue Tracking Third Party Advisory
57	http://marc.info/?l=bugtraq&m=144060576831314&w=2	Issue Tracking Third Party Advisory
58	http://marc.info/?l=bugtraq&m=144060576831314&w=2	Issue Tracking Third Party Advisory
59	http://marc.info/?l=bugtraq&m=144060606031437&w=2	Issue Tracking Third Party Advisory
60	http://marc.info/?l=bugtraq&m=144060606031437&w=2	Issue Tracking Third Party Advisory
61	http://marc.info/?l=bugtraq&m=144069189622016&w=2	Issue Tracking Third Party Advisory
62	http://marc.info/?l=bugtraq&m=144069189622016&w=2	Issue Tracking Third Party Advisory
63	http://marc.info/?l=bugtraq&m=144102017024820&w=2	Issue Tracking Third Party Advisory
64	http://marc.info/?l=bugtraq&m=144102017024820&w=2	Issue Tracking Third Party Advisory
65	http://marc.info/?l=bugtraq&m=144104533800819&w=2	Issue Tracking Third Party Advisory
66	http://marc.info/?l=bugtraq&m=144104533800819&w=2	Issue Tracking Third Party Advisory
67	http://marc.info/?l=bugtraq&m=144104565600964&w=2	Issue Tracking Third Party Advisory
68	http://marc.info/?l=bugtraq&m=144104565600964&w=2	Issue Tracking Third Party Advisory
69	http://marc.info/?l=bugtraq&m=144493176821532&w=2	Issue Tracking Third Party Advisory
70	http://marc.info/?l=bugtraq&m=144493176821532&w=2	Issue Tracking Third Party Advisory
71	http://marc.info/?l=bugtraq&m=144493176821532&w=2	Issue Tracking Third Party Advisory
72	http://marc.info/?l=bugtraq&m=144493176821532&w=2	Issue Tracking Third Party Advisory
73	http://rhn.redhat.com/errata/RHSA-2015-1006.html	Third Party Advisory
74	http://rhn.redhat.com/errata/RHSA-2015-1006.html	Third Party Advisory
75	http://rhn.redhat.com/errata/RHSA-2015-1007.html	Third Party Advisory
76	http://rhn.redhat.com/errata/RHSA-2015-1007.html	Third Party Advisory
77	http://rhn.redhat.com/errata/RHSA-2015-1020.html	Third Party Advisory
78	http://rhn.redhat.com/errata/RHSA-2015-1020.html	Third Party Advisory
79	http://rhn.redhat.com/errata/RHSA-2015-1021.html	Third Party Advisory
80	http://rhn.redhat.com/errata/RHSA-2015-1021.html	Third Party Advisory
81	http://rhn.redhat.com/errata/RHSA-2015-1091.html	Third Party Advisory
82	http://rhn.redhat.com/errata/RHSA-2015-1091.html	Third Party Advisory
83	http://rhn.redhat.com/errata/RHSA-2015-1228.html	Third Party Advisory
84	http://rhn.redhat.com/errata/RHSA-2015-1228.html	Third Party Advisory
85	http://rhn.redhat.com/errata/RHSA-2015-1229.html	Third Party Advisory
86	http://rhn.redhat.com/errata/RHSA-2015-1229.html	Third Party Advisory
87	http://rhn.redhat.com/errata/RHSA-2015-1230.html	Third Party Advisory
88	http://rhn.redhat.com/errata/RHSA-2015-1230.html	Third Party Advisory
89	http://rhn.redhat.com/errata/RHSA-2015-1241.html	Third Party Advisory
90	http://rhn.redhat.com/errata/RHSA-2015-1241.html	Third Party Advisory
91	http://rhn.redhat.com/errata/RHSA-2015-1242.html	Third Party Advisory
92	http://rhn.redhat.com/errata/RHSA-2015-1242.html	Third Party Advisory
93	http://rhn.redhat.com/errata/RHSA-2015-1243.html	Third Party Advisory
94	http://rhn.redhat.com/errata/RHSA-2015-1243.html	Third Party Advisory
95	http://rhn.redhat.com/errata/RHSA-2015-1526.html	Third Party Advisory
96	http://rhn.redhat.com/errata/RHSA-2015-1526.html	Third Party Advisory
97	http://www.debian.org/security/2015/dsa-3316	Third Party Advisory
98	http://www.debian.org/security/2015/dsa-3316	Third Party Advisory
99	http://www.debian.org/security/2015/dsa-3339	Third Party Advisory
100	http://www.debian.org/security/2015/dsa-3339	Third Party Advisory
101	http://www.huawei.com/en/psirt/security-advisories/hw-454055	Third Party Advisory
102	http://www.huawei.com/en/psirt/security-advisories/hw-454055	Third Party Advisory
103	http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html	Third Party Advisory
104	http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html	Third Party Advisory
105	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	Patch Third Party Advisory
106	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	Patch Third Party Advisory
107	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	Third Party Advisory
108	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	Third Party Advisory
109	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	Third Party Advisory
110	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	Third Party Advisory
111	http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html	Third Party Advisory
112	http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html	Third Party Advisory
113	http://www.securityfocus.com/bid/73684	Third Party Advisory VDB Entry
114	http://www.securityfocus.com/bid/73684	Third Party Advisory VDB Entry
115	http://www.securityfocus.com/bid/91787	Third Party Advisory VDB Entry
116	http://www.securityfocus.com/bid/91787	Third Party Advisory VDB Entry
117	http://www.securitytracker.com/id/1032599	Third Party Advisory VDB Entry
118	http://www.securitytracker.com/id/1032599	Third Party Advisory VDB Entry
119	http://www.securitytracker.com/id/1032600	Third Party Advisory VDB Entry
120	http://www.securitytracker.com/id/1032600	Third Party Advisory VDB Entry
121	http://www.securitytracker.com/id/1032707	Third Party Advisory VDB Entry
122	http://www.securitytracker.com/id/1032707	Third Party Advisory VDB Entry
123	http://www.securitytracker.com/id/1032708	Third Party Advisory VDB Entry
124	http://www.securitytracker.com/id/1032708	Third Party Advisory VDB Entry
125	http://www.securitytracker.com/id/1032734	Third Party Advisory VDB Entry
126	http://www.securitytracker.com/id/1032734	Third Party Advisory VDB Entry
127	http://www.securitytracker.com/id/1032788	Third Party Advisory VDB Entry
128	http://www.securitytracker.com/id/1032788	Third Party Advisory VDB Entry
129	http://www.securitytracker.com/id/1032858	Third Party Advisory VDB Entry
130	http://www.securitytracker.com/id/1032858	Third Party Advisory VDB Entry
131	http://www.securitytracker.com/id/1032868	Third Party Advisory VDB Entry
132	http://www.securitytracker.com/id/1032868	Third Party Advisory VDB Entry
133	http://www.securitytracker.com/id/1032910	Third Party Advisory VDB Entry
134	http://www.securitytracker.com/id/1032910	Third Party Advisory VDB Entry
135	http://www.securitytracker.com/id/1032990	Third Party Advisory VDB Entry
136	http://www.securitytracker.com/id/1032990	Third Party Advisory VDB Entry
137	http://www.securitytracker.com/id/1033071	Third Party Advisory VDB Entry
138	http://www.securitytracker.com/id/1033071	Third Party Advisory VDB Entry
139	http://www.securitytracker.com/id/1033072	Third Party Advisory VDB Entry
140	http://www.securitytracker.com/id/1033072	Third Party Advisory VDB Entry
141	http://www.securitytracker.com/id/1033386	Third Party Advisory VDB Entry
142	http://www.securitytracker.com/id/1033386	Third Party Advisory VDB Entry
143	http://www.securitytracker.com/id/1033415	Third Party Advisory VDB Entry
144	http://www.securitytracker.com/id/1033415	Third Party Advisory VDB Entry
145	http://www.securitytracker.com/id/1033431	Third Party Advisory VDB Entry
146	http://www.securitytracker.com/id/1033431	Third Party Advisory VDB Entry
147	http://www.securitytracker.com/id/1033432	Third Party Advisory VDB Entry
148	http://www.securitytracker.com/id/1033432	Third Party Advisory VDB Entry
149	http://www.securitytracker.com/id/1033737	Third Party Advisory VDB Entry
150	http://www.securitytracker.com/id/1033737	Third Party Advisory VDB Entry
151	http://www.securitytracker.com/id/1033769	Third Party Advisory VDB Entry
152	http://www.securitytracker.com/id/1033769	Third Party Advisory VDB Entry
153	http://www.securitytracker.com/id/1036222	Third Party Advisory VDB Entry
154	http://www.securitytracker.com/id/1036222	Third Party Advisory VDB Entry
155	http://www.ubuntu.com/usn/USN-2696-1	Third Party Advisory
156	http://www.ubuntu.com/usn/USN-2696-1	Third Party Advisory
157	http://www.ubuntu.com/usn/USN-2706-1	Third Party Advisory
158	http://www.ubuntu.com/usn/USN-2706-1	Third Party Advisory
159	http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888	Third Party Advisory
160	http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888	Third Party Advisory
161	http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892	Third Party Advisory
162	http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892	Third Party Advisory
163	http://www-01.ibm.com/support/docview.wss?uid=swg21883640	Third Party Advisory
164	http://www-01.ibm.com/support/docview.wss?uid=swg21883640	Third Party Advisory
165	http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm	Third Party Advisory
166	http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm	Third Party Advisory
167	http://www-304.ibm.com/support/docview.wss?uid=swg21903565	Third Party Advisory
168	http://www-304.ibm.com/support/docview.wss?uid=swg21903565	Third Party Advisory
169	http://www-304.ibm.com/support/docview.wss?uid=swg21960015	Third Party Advisory
170	http://www-304.ibm.com/support/docview.wss?uid=swg21960015	Third Party Advisory
171	http://www-304.ibm.com/support/docview.wss?uid=swg21960769	Third Party Advisory
172	http://www-304.ibm.com/support/docview.wss?uid=swg21960769	Third Party Advisory
173	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922	Third Party Advisory
174	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922	Third Party Advisory
175	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140	Third Party Advisory
176	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140	Third Party Advisory
177	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190	Third Party Advisory
178	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190	Third Party Advisory
179	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119	Third Party Advisory
180	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119	Third Party Advisory
181	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241	Third Party Advisory
182	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241	Third Party Advisory
183	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256	Third Party Advisory
184	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256	Third Party Advisory
185	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246	Third Party Advisory
186	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246	Third Party Advisory
187	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789	Third Party Advisory
188	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789	Third Party Advisory
189	https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650	Third Party Advisory
190	https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650	Third Party Advisory
191	https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380	Third Party Advisory
192	https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380	Third Party Advisory
193	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988	Third Party Advisory
194	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988	Third Party Advisory
195	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347	Third Party Advisory
196	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347	Third Party Advisory
197	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935	Third Party Advisory
198	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935	Third Party Advisory
199	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888	Third Party Advisory
200	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888	Third Party Advisory
201	https://kb.juniper.net/JSA10783	Third Party Advisory
202	https://kb.juniper.net/JSA10783	Third Party Advisory
203	https://kc.mcafee.com/corporate/index?page=content&id=SB10163	Broken Link
204	https://kc.mcafee.com/corporate/index?page=content&id=SB10163	Broken Link
205	https://security.gentoo.org/glsa/201512-10	Third Party Advisory
206	https://security.gentoo.org/glsa/201512-10	Third Party Advisory
207	https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf	Technical Description Third Party Advisory
208	https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf	Technical Description Third Party Advisory
209	https://www.secpod.com/blog/cve-2015-2808-bar-mitzvah-attack-in-rc4-2/
210	https://www.secpod.com/blog/cve-2015-2808-bar-mitzvah-attack-in-rc4-2/
211	https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709	Third Party Advisory
212	https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709	Third Party Advisory

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-327	不完全、または危険な暗号アルゴリズムの使用	https://cwe.mitre.org/data/definitions/327.html

JVN脆弱性情報

TLS プロトコルおよび SSL プロトコルで使用される RC4 アルゴリズムにおけるストリームの最初のバイトへの平文回復攻撃の脆弱性

タイトル	TLS プロトコルおよび SSL プロトコルで使用される RC4 アルゴリズムにおけるストリームの最初のバイトへの平文回復攻撃の脆弱性
概要	TLS プロトコルおよび SSL プロトコルで使用される RC4 アルゴリズムは、初期化フェーズでステートのデータと鍵データを適切に結合しないため、ストリームの最初のバイトへの平文回復攻撃 (plaintext-recovery attack) を実行される脆弱性が存在します。本脆弱性は、"Bar Mitzvah" と呼ばれています。
想定される影響	第三者により、Invariance Weakness の影響を受ける鍵に依存することのあるネットワークトラフィックを傍受され、その後、 LSB 値を含む総当たり (brute-force) のアプローチを使用されることで、ストリームの最初のバイトへの平文回復攻撃 (plaintext-recovery attack) を実行される可能性があります。
対策	ベンダ情報および参考情報を参照して適切な対策を実施してください。
公表日	2015年3月31日0:00
登録日	2015年4月6日14:00
最終更新日	2017年4月17日19:21

影響を受けるシステム

サン・マイクロシステムズ

Sun GlassFish Enterprise Server

マイクロソフト

Microsoft IIS

Microsoft Internet Explorer

レッドハット

JBoss Enterprise Application Server

ヒューレット・パッカード

HP Business Process Insight v9.x

HP Business Process Monitor v9.02

HP Business Process Monitor v9.03

HP Business Process Monitor v9.1x

HP Business Process Monitor v9.2x

HP Release Control v9.13

HP Release Control v9.20

HP Release Control v9.21

HP Release Control v9.21P1

HP Release Control v9.21P2

HP TransactionVision v9.x

オラクル

GlassFish

JDK 6 Update 95

JDK 7 Update 80

JDK 8 Update 45

JRE 6 Update 95

JRE 7 Update 80

JRE 8 Update 45

Oracle Communications Policy Management 9.9.2 未満

Oracle Java SE Embedded 7 Update 75

Oracle Java SE Embedded 8 Update 33

Oracle JRockit R28.3.6

SPARC Enterprise M3000 サーバ

SPARC Enterprise M4000 サーバ

SPARC Enterprise M5000 サーバ

SPARC Enterprise M8000 サーバ

SPARC Enterprise M9000 サーバ

XCP 1121 未満 (SPARC Enterprise M3000/M4000/M5000/M8000/M9000 サーバ)

IBM

IBM WebSphere Application Server

Mozilla Foundation

Mozilla Firefox

アップル

Safari

日立

Cosminexus Application Server Enterprise Version 6

Cosminexus Application Server Standard Version 6

Cosminexus Application Server Version 5

Cosminexus Developer Light Version 6

Cosminexus Developer Professional Version 6

Cosminexus Developer Standard Version 6

Cosminexus Developer Version 5

Cosminexus Developer's Kit for Java(TM)

Cosminexus HTTP Server

Cosminexus Primary Server Base Version 6

Cosminexus Primary Server Version 6

Hitachi Application Server

Hitachi Application Server for Developers

Hitachi Developer's Kit for Java

Hitachi Web Server

Hitachi Web Server - Security Enhancement

Job Management Partner 1/IT Desktop Management 2 - Smart Device Manager

JP1/IT Desktop Management 2 - Smart Device Manager

uCosminexus Application Server

uCosminexus Application Server (64)

uCosminexus Application Server -R

uCosminexus Application Server Express

uCosminexus Application Server Light

uCosminexus Application Server Standard-R

uCosminexus Application Server Enterprise

uCosminexus Application Server Smart Edition

uCosminexus Application Server Standard

uCosminexus Client

uCosminexus Client for Plug-in

uCosminexus Developer

uCosminexus Developer 01

uCosminexus Developer Professional

uCosminexus Developer Professional for Plug-in

uCosminexus Developer Light

uCosminexus Developer Standard

uCosminexus Operator

uCosminexus Operator for Service Platform

uCosminexus Primary Server Base

uCosminexus Primary Server Base(64)

uCosminexus Server Standard-R

uCosminexus Service Architect

uCosminexus Service Platform

uCosminexus Service Platform (64)

uCosminexus Service Platform - Messaging

Opera Software ASA

Opera

Google

Google Chrome

ヒューレット・パッカード・エンタープライズ

HPE Data Protector 7.03_108 より前のすべてのバージョン

HPE Data Protector 8.15 より前のすべてのバージョン

HPE Data Protector 9.06 より前のすべてのバージョン

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2015-2808	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808
National Vulnerability Database (NVD)
2	CVE-2015-2808	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2808

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-310	https://jvndb.jvn.jp/ja/cwe/CWE-310.html

ベンダー情報

No	名前	URL
Apple Safari
1	トップページ	https://www.apple.com/jp/safari/
Google Chrome
2	トップページ	https://www.google.co.jp/chrome/browser/desktop/index.html
Hitachi Software Vulnerability Information
3	hitachi-sec-2017-109	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-109/index.html
4	HS15-026	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-026/index.html
5	HS16-001	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-001/index.html
6	HS16-004	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-004/index.html
HP Security Bulletin
7	HPSBGN03366	http://marc.info/?l=bugtraq&m=143818140118771&w=2
8	HPSBGN03367	http://marc.info/?l=bugtraq&m=143817899717054&w=2
9	HPSBGN03372	http://marc.info/?l=bugtraq&m=143817021313142&w=2
10	HPSBMU03377	http://marc.info/?l=bugtraq&m=143741441012338&w=2
HPE Security Bulletin
11	HPSBGN03580	https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05085988
IBM
12	WebSphere Application Server	http://www-03.ibm.com/software/products/ja/appserv-was
IBM APAR
13	IV71888	http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888
14	IV71892	http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892
IBM Support Document
15	1883640	http://www-01.ibm.com/support/docview.wss?uid=swg21883640
JBoss
16	All JBoss Application Server Downloads	http://jbossas.jboss.org/downloads/
Microsoft Corporation
17	Internet Explorer	http://windows.microsoft.com/ja-jp/internet-explorer/download-ie
18	インターネットインフォメーションサービス (IIS)	http://www.microsoft.com/ja-jp/server-cloud/windows-server/internet-information-services-iis.aspx
Mozilla Foundation
19	トップページ	https://www.mozilla.org/ja/firefox/new/?gclid=CPyO-sjD4MQCFUpxvAodb4AAaA
Opera
20	トップページ	http://www.opera.com/ja
Oracle
21	Oracle GlassFish Server	http://www.oracle.com/jp/products/middleware/application-server/oracle-glassfish-server/index.html
Oracle Critical Patch Update
22	July 2015 Critical Patch Update Released	https://blogs.oracle.com/security/entry/july_2015_critical_patch_update
23	Oracle Critical Patch Update Advisory - April 2016	http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
24	Oracle Critical Patch Update Advisory - July 2015	http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
25	Oracle Critical Patch Update Advisory - July 2016	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
26	Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016	http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
27	Text Form of Oracle Critical Patch Update - April 2016 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html
28	Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html
29	Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html
SECURITY BLOG
30	April 2016 Critical Patch Update Released	https://blogs.oracle.com/security/entry/april_2016_critical_patch_update
31	July 2016 Critical Patch Update Released	http://blogs.oracle.com/security/entry/july_2016_critical_patch_update
ソフトウェア製品セキュリティ情報
32	hitachi-sec-2017-109	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-109/index.html
33	HS15-026	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-026/index.html
34	HS16-001	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-001/index.html
35	HS16-004	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-004/index.html

その他

No	名前	URL
ICS-CERT ADVISORY
1	ICSA-22-160-01	https://www.cisa.gov/uscert/ics/advisories/icsa-22-160-01
IPA 重要なセキュリティ情報
2	Oracle Java の脆弱性対策について(CVE-2015-2590等)	https://www.ipa.go.jp/security/ciadr/vul/20150715-jre.html
JPCERT 注意喚起
3	JPCERT-AT-2015-0022	http://www.jpcert.or.jp/at/2015/at150022.html
JVN
4	JVNVU#95298925	https://jvn.jp/vu/JVNVU95298925/
関連文書
5	Bar Mitzvah Attack	https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf

変更履歴

No	変更内容	変更日
1	[2022年06月08日] 参考情報：JVN (JVNVU#95298925) を追加	2022年6月8日13:57
0	[2015年04月06日] 掲載 [2015年07月09日] ベンダ情報：IBM (IV71892) を追加ベンダ情報：IBM (IV71888) を追加ベンダ情報：IBM (1883640) を追加 [2015年07月29日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - July 2015) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices) を追加ベンダ情報：オラクル (July 2015 Critical Patch Update Released) を追加ベンダ情報：日立 (HS15-026) を追加参考情報：IPA 重要なセキュリティ情報 (Oracle Java の脆弱性対策について(CVE-2015-2590等)) を追加参考情報：JPCERT 注意喚起 (JPCERT-AT-2015-0022) を追加 [2015年09月03日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：ヒューレット・パッカード (HPSBGN03366) を追加ベンダ情報：ヒューレット・パッカード (HPSBGN03367) を追加ベンダ情報：ヒューレット・パッカード (HPSBGN03372) を追加ベンダ情報：ヒューレット・パッカード (HPSBMU03377) を追加 [2015年11月05日] 影響を受けるシステム：ベンダ情報の更新に伴い内容を更新 [2016年01月28日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：日立 (HS16-001) を追加 [2016年02月12日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：日立 (HS16-004) を追加 [2016年05月31日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - April 2016) を追加ベンダ情報：オラクル (Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - April 2016 Risk Matrices) を追加ベンダ情報：オラクル (April 2016 Critical Patch Update Released) を追加 [2016年06月27日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：ヒューレット・パッカード・エンタープライズ (HPSBGN03580) を追加 [2016年07月27日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - July 2016) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices) を追加ベンダ情報：オラクル (July 2016 Critical Patch Update Released) を追加 [2017年04月17日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：日立 (hitachi-sec-2017-109) を追加	2018年2月17日10:37
2	[2022年06月13日] 参考情報：ICS-CERT ADVISORY (ICSA-22-160-01) を追加	2022年6月13日14:53

構成3	以上	以下	より上	未満
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
cpe:2.3:a:redhat:satellite:5.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.1:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:6.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*

構成4	以上	以下	より上	未満
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:::ltss:::*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3::::::
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3::::::
cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::vmware::*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4::::::
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3::::::
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4::::::
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:::ltss:::*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:::ltss:::*
cpe:2.3:o:opensuse:opensuse:13.1:::::::*
cpe:2.3:o:opensuse:opensuse:13.2:::::::*
cpe:2.3:o:suse:linux_enterprise_server:12:-::::::
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-::::::
cpe:2.3:o:suse:linux_enterprise_desktop:12:-::::::