Search
Find a vulnerability
Search criteria
4 vulnerabilities found for oceanstor_9000_firmware by huawei
CVE-2020-8840 (GCVE-0-2020-8840)
Vulnerability from nvd – Published: 2020-02-10 19:41 – Updated: 2024-08-04 10:12
VLAI
EPSS
VEX
Summary
FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
44 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:12:10.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[druid-commits] 20200219 [GitHub] [druid] ccaominh opened a new pull request #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r078e68a926ea6be12e8404e47f45aabf04bb4668e8265c0de41db6db%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200219 [GitHub] [druid] suneet-s commented on issue #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r319f19c74e06c201b9d4e8b282a4e4b2da6dcda022fb46f007dd00d3%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200220 [SECURITY] [DLA 2111-1] jackson-databind security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html"
},
{
"name": "[druid-commits] 20200221 [GitHub] [druid] ccaominh merged pull request #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3d20a2660b36551fd8257d479941782af4a7169582449fac1704bde2%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200222 [jira] [Created] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb43f9a65150948a6bebd3cb77ee3e105d40db2820fd547528f4e7f89%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20200222 [jira] [Created] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9ecf211c22760b00967ebe158c6ed7dba9142078e2a630ab8904a5b7%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200223 [GitHub] [zookeeper] eolivelli opened a new pull request #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3539bd3a377991217d724879d239e16e86001c54160076408574e1da%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200223 [jira] [Updated] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6fdd4c61a09a0c89f581b4ddb3dc6f154ab0c705fcfd0a7358b2e4e5%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200223 [jira] [Assigned] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re7326b8655eab931f2a9ce074fd9a1a51b5db11456bee9b48e1e170c%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200223 [GitHub] [zookeeper] phunt commented on issue #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r428d068b2a4923f1a5a4f5fc6381b95205cfe7620169d16db78e9c71%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200223 [zookeeper] branch master updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r46bebdeb59b8b7212d63a010ca445a9f5c4e9d64dcf693cab6f399d3%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200223 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re8ae2670ec456ef1c5a2a661a2838ab2cd00e9efa1e88c069f546f21%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200223 [jira] [Resolved] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8170007fd9b263d65b37d92a7b5d7bc357aedbb113a32838bc4a9485%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200223 [GitHub] [zookeeper] asfgit closed pull request #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rac5ee5d686818be7e7c430d35108ee01a88aae54f832d32f62431fd1%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200223 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdf8d389271a291dde3b2f99c36918d6cb1e796958af626cc140fee23%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200224 [zookeeper] 01/02: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb5eedf90ba3633e171a2ffdfe484651c9490dc5df74c8a29244cbc0e%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200225 [jira] [Updated] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r65ee95fa09c831843bac81eaa582fdddc2b6119912a72d1c83a9b882%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[tomee-dev] 20200311 CVE-2020-8840 on TomEE 8.0.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb99c7321eba5d4c907beec46675d52827528b738cfafd48eb4d862f1%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20200311 Re: CVE-2020-8840 on TomEE 8.0.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdea588d4a0ebf9cb7ce8c3a8f18d0d306507c4f8ba178dd3d20207b8%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20200313 Re: CVE-2020-8840 on TomEE 8.0.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1c09b9551f6953dbeca190a4c4b78198cdbb9825fce36f96fe3d8218%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20200316 RE: CVE-2020-8840 on TomEE 8.0.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[ranger-dev] 20200330 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc717fd6c65190f4e592345713f9ef0723fb7d71f624caa2a17caa26a%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200330 [jira] [Created] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdf311f13e6356297e0ffe74397fdd25a3687b0a16e687c3ff5b834d8%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200408 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf28ab6f224b48452afd567dfffb705fbda0fdbbf6535f6bc69d47e91%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200408 Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2fa8046bd47fb407ca09b5107a80fa6147ba4ebe879caae5c98b7657%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200415 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5d8bea8e9d17b6efcf4a0e4e194e91ef46a99f505777a31a60da2b38%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200416 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r94930e39b60fff236160c1c4110fe884dc093044b067aa5fc98d7ee1%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200416 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r446646c5588b10f5e02409ad580b12f314869009cdfbf844ca395cec%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200417 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1efc776fc6ce3387593deaa94bbdd296733b1b01408a39c8d1ab9e0e%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200417 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfc1ccfe89332155b72ce17f13a2701d3e7b9ec213324ceb90e79a28a%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200427 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9e59ebaf76fd00b2fa3ff5ebf18fe075ca9f4376216612c696f76718%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200427 [jira] [Resolved] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcc72b497e3dff2dc62ec9b89ceb90bc4e1b14fc56c3c252a6fcbb013%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200430 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7762d69e85c58d6948823424017ef4c08f47de077644277fa18cc116%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200507 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra275f29615f35d5b40106d1582a41e5388b2a5131564e9e01a572987%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200514 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb73708bf714ed6dbc1212da082e7703e586077f0c92f3940b2e82caf%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1%40%3Cjira.kafka.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2620"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200327-0002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fastjason-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T21:15:05.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[druid-commits] 20200219 [GitHub] [druid] ccaominh opened a new pull request #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r078e68a926ea6be12e8404e47f45aabf04bb4668e8265c0de41db6db%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200219 [GitHub] [druid] suneet-s commented on issue #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r319f19c74e06c201b9d4e8b282a4e4b2da6dcda022fb46f007dd00d3%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200220 [SECURITY] [DLA 2111-1] jackson-databind security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html"
},
{
"name": "[druid-commits] 20200221 [GitHub] [druid] ccaominh merged pull request #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3d20a2660b36551fd8257d479941782af4a7169582449fac1704bde2%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200222 [jira] [Created] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb43f9a65150948a6bebd3cb77ee3e105d40db2820fd547528f4e7f89%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20200222 [jira] [Created] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9ecf211c22760b00967ebe158c6ed7dba9142078e2a630ab8904a5b7%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200223 [GitHub] [zookeeper] eolivelli opened a new pull request #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3539bd3a377991217d724879d239e16e86001c54160076408574e1da%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200223 [jira] [Updated] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6fdd4c61a09a0c89f581b4ddb3dc6f154ab0c705fcfd0a7358b2e4e5%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200223 [jira] [Assigned] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re7326b8655eab931f2a9ce074fd9a1a51b5db11456bee9b48e1e170c%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200223 [GitHub] [zookeeper] phunt commented on issue #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r428d068b2a4923f1a5a4f5fc6381b95205cfe7620169d16db78e9c71%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200223 [zookeeper] branch master updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r46bebdeb59b8b7212d63a010ca445a9f5c4e9d64dcf693cab6f399d3%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200223 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re8ae2670ec456ef1c5a2a661a2838ab2cd00e9efa1e88c069f546f21%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200223 [jira] [Resolved] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8170007fd9b263d65b37d92a7b5d7bc357aedbb113a32838bc4a9485%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200223 [GitHub] [zookeeper] asfgit closed pull request #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rac5ee5d686818be7e7c430d35108ee01a88aae54f832d32f62431fd1%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200223 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdf8d389271a291dde3b2f99c36918d6cb1e796958af626cc140fee23%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200224 [zookeeper] 01/02: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb5eedf90ba3633e171a2ffdfe484651c9490dc5df74c8a29244cbc0e%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200225 [jira] [Updated] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r65ee95fa09c831843bac81eaa582fdddc2b6119912a72d1c83a9b882%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[tomee-dev] 20200311 CVE-2020-8840 on TomEE 8.0.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb99c7321eba5d4c907beec46675d52827528b738cfafd48eb4d862f1%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20200311 Re: CVE-2020-8840 on TomEE 8.0.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdea588d4a0ebf9cb7ce8c3a8f18d0d306507c4f8ba178dd3d20207b8%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20200313 Re: CVE-2020-8840 on TomEE 8.0.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1c09b9551f6953dbeca190a4c4b78198cdbb9825fce36f96fe3d8218%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20200316 RE: CVE-2020-8840 on TomEE 8.0.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[ranger-dev] 20200330 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc717fd6c65190f4e592345713f9ef0723fb7d71f624caa2a17caa26a%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200330 [jira] [Created] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdf311f13e6356297e0ffe74397fdd25a3687b0a16e687c3ff5b834d8%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200408 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf28ab6f224b48452afd567dfffb705fbda0fdbbf6535f6bc69d47e91%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200408 Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2fa8046bd47fb407ca09b5107a80fa6147ba4ebe879caae5c98b7657%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200415 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5d8bea8e9d17b6efcf4a0e4e194e91ef46a99f505777a31a60da2b38%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200416 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r94930e39b60fff236160c1c4110fe884dc093044b067aa5fc98d7ee1%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200416 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r446646c5588b10f5e02409ad580b12f314869009cdfbf844ca395cec%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200417 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1efc776fc6ce3387593deaa94bbdd296733b1b01408a39c8d1ab9e0e%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200417 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfc1ccfe89332155b72ce17f13a2701d3e7b9ec213324ceb90e79a28a%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200427 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9e59ebaf76fd00b2fa3ff5ebf18fe075ca9f4376216612c696f76718%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200427 [jira] [Resolved] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcc72b497e3dff2dc62ec9b89ceb90bc4e1b14fc56c3c252a6fcbb013%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200430 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7762d69e85c58d6948823424017ef4c08f47de077644277fa18cc116%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200507 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra275f29615f35d5b40106d1582a41e5388b2a5131564e9e01a572987%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200514 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb73708bf714ed6dbc1212da082e7703e586077f0c92f3940b2e82caf%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1%40%3Cjira.kafka.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2620"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200327-0002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fastjason-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[druid-commits] 20200219 [GitHub] [druid] ccaominh opened a new pull request #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r078e68a926ea6be12e8404e47f45aabf04bb4668e8265c0de41db6db@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200219 [GitHub] [druid] suneet-s commented on issue #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r319f19c74e06c201b9d4e8b282a4e4b2da6dcda022fb46f007dd00d3@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200220 [SECURITY] [DLA 2111-1] jackson-databind security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html"
},
{
"name": "[druid-commits] 20200221 [GitHub] [druid] ccaominh merged pull request #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3d20a2660b36551fd8257d479941782af4a7169582449fac1704bde2@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200222 [jira] [Created] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb43f9a65150948a6bebd3cb77ee3e105d40db2820fd547528f4e7f89@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20200222 [jira] [Created] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9ecf211c22760b00967ebe158c6ed7dba9142078e2a630ab8904a5b7@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200223 [GitHub] [zookeeper] eolivelli opened a new pull request #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3539bd3a377991217d724879d239e16e86001c54160076408574e1da@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200223 [jira] [Updated] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6fdd4c61a09a0c89f581b4ddb3dc6f154ab0c705fcfd0a7358b2e4e5@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200223 [jira] [Assigned] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re7326b8655eab931f2a9ce074fd9a1a51b5db11456bee9b48e1e170c@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200223 [GitHub] [zookeeper] phunt commented on issue #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r428d068b2a4923f1a5a4f5fc6381b95205cfe7620169d16db78e9c71@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200223 [zookeeper] branch master updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r46bebdeb59b8b7212d63a010ca445a9f5c4e9d64dcf693cab6f399d3@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200223 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re8ae2670ec456ef1c5a2a661a2838ab2cd00e9efa1e88c069f546f21@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200223 [jira] [Resolved] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8170007fd9b263d65b37d92a7b5d7bc357aedbb113a32838bc4a9485@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200223 [GitHub] [zookeeper] asfgit closed pull request #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rac5ee5d686818be7e7c430d35108ee01a88aae54f832d32f62431fd1@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200223 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdf8d389271a291dde3b2f99c36918d6cb1e796958af626cc140fee23@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200224 [zookeeper] 01/02: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb5eedf90ba3633e171a2ffdfe484651c9490dc5df74c8a29244cbc0e@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200225 [jira] [Updated] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r65ee95fa09c831843bac81eaa582fdddc2b6119912a72d1c83a9b882@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[tomee-dev] 20200311 CVE-2020-8840 on TomEE 8.0.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb99c7321eba5d4c907beec46675d52827528b738cfafd48eb4d862f1@%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20200311 Re: CVE-2020-8840 on TomEE 8.0.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdea588d4a0ebf9cb7ce8c3a8f18d0d306507c4f8ba178dd3d20207b8@%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20200313 Re: CVE-2020-8840 on TomEE 8.0.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1c09b9551f6953dbeca190a4c4b78198cdbb9825fce36f96fe3d8218@%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20200316 RE: CVE-2020-8840 on TomEE 8.0.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2@%3Cdev.tomee.apache.org%3E"
},
{
"name": "[ranger-dev] 20200330 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc717fd6c65190f4e592345713f9ef0723fb7d71f624caa2a17caa26a@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200330 [jira] [Created] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdf311f13e6356297e0ffe74397fdd25a3687b0a16e687c3ff5b834d8@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200408 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf28ab6f224b48452afd567dfffb705fbda0fdbbf6535f6bc69d47e91@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200408 Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2fa8046bd47fb407ca09b5107a80fa6147ba4ebe879caae5c98b7657@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200415 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5d8bea8e9d17b6efcf4a0e4e194e91ef46a99f505777a31a60da2b38@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200416 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r94930e39b60fff236160c1c4110fe884dc093044b067aa5fc98d7ee1@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200416 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r446646c5588b10f5e02409ad580b12f314869009cdfbf844ca395cec@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200417 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1efc776fc6ce3387593deaa94bbdd296733b1b01408a39c8d1ab9e0e@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200417 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfc1ccfe89332155b72ce17f13a2701d3e7b9ec213324ceb90e79a28a@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200427 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9e59ebaf76fd00b2fa3ff5ebf18fe075ca9f4376216612c696f76718@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200427 [jira] [Resolved] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcc72b497e3dff2dc62ec9b89ceb90bc4e1b14fc56c3c252a6fcbb013@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200430 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7762d69e85c58d6948823424017ef4c08f47de077644277fa18cc116@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200507 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra275f29615f35d5b40106d1582a41e5388b2a5131564e9e01a572987@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200514 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb73708bf714ed6dbc1212da082e7703e586077f0c92f3940b2e82caf@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1@%3Cjira.kafka.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://github.com/FasterXML/jackson-databind/issues/2620",
"refsource": "MISC",
"url": "https://github.com/FasterXML/jackson-databind/issues/2620"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200327-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200327-0002/"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fastjason-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fastjason-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8840",
"datePublished": "2020-02-10T19:41:58.000Z",
"dateReserved": "2020-02-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:12:10.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2808 (GCVE-0-2015-2808)
Vulnerability from nvd – Published: 2015-04-01 00:00 – Updated: 2026-05-28 12:53
VLAI
EPSS
VEX
Summary
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
101 references
Date Public
2015-03-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:24:38.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSRT102127",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2"
},
{
"name": "RHSA-2015:1243",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1243.html"
},
{
"name": "RHSA-2015:1007",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1007.html"
},
{
"name": "HPSBGN03367",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2"
},
{
"name": "HPSBUX03512",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "RHSA-2015:1006",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1006.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "1033737",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033737"
},
{
"name": "SUSE-SU-2015:2192",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html"
},
{
"name": "HPSBGN03399",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "1036222",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036222"
},
{
"tags": [
"x_transferred"
],
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034"
},
{
"name": "SSRT102129",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960769"
},
{
"name": "GLSA-201512-10",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"name": "RHSA-2015:1229",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1229.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650"
},
{
"name": "1032600",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032600"
},
{
"name": "1032910",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032910"
},
{
"name": "USN-2706-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2706-1"
},
{
"name": "RHSA-2015:1526",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1526.html"
},
{
"name": "SSRT102133",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "1032599",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032599"
},
{
"name": "HPSBMU03401",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21903565"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380"
},
{
"tags": [
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163"
},
{
"name": "HPSBMU03345",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2"
},
{
"name": "1032734",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032734"
},
{
"name": "IV71892",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347"
},
{
"name": "1033769",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033769"
},
{
"name": "1032707",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032707"
},
{
"name": "openSUSE-SU-2015:1289",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html"
},
{
"name": "HPSBGN03372",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2"
},
{
"name": "RHSA-2015:1091",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1091.html"
},
{
"name": "HPSBGN03402",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2"
},
{
"name": "IV71888",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888"
},
{
"name": "RHSA-2015:1228",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1228.html"
},
{
"name": "HPSBGN03405",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2"
},
{
"name": "1032708",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032708"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-454055"
},
{
"name": "DSA-3316",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3316"
},
{
"name": "SUSE-SU-2015:2166",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "1033415",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033415"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246"
},
{
"name": "HPSBGN03366",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709"
},
{
"name": "HPSBGN03403",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2"
},
{
"name": "SSRT102254",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"
},
{
"name": "HPSBGN03407",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2"
},
{
"name": "1033432",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033432"
},
{
"name": "HPSBGN03354",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2"
},
{
"name": "SUSE-SU-2015:1138",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"
},
{
"name": "1032858",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032858"
},
{
"name": "SSRT102073",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922"
},
{
"name": "1032788",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032788"
},
{
"name": "USN-2696-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2696-1"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf"
},
{
"name": "DSA-3339",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3339"
},
{
"name": "RHSA-2015:1020",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1020.html"
},
{
"name": "RHSA-2015:1242",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1242.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241"
},
{
"name": "SUSE-SU-2015:1086",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"
},
{
"name": "1033431",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033431"
},
{
"tags": [
"x_transferred"
],
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "1032868",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032868"
},
{
"name": "HPSBGN03415",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "SUSE-SU-2015:1319",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html"
},
{
"name": "SUSE-SU-2015:1320",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html"
},
{
"name": "openSUSE-SU-2015:1288",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html"
},
{
"name": "RHSA-2015:1241",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1241.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "RHSA-2015:1230",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1230.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888"
},
{
"name": "HPSBGN03338",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2"
},
{
"name": "1033386",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033386"
},
{
"name": "HPSBMU03377",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2"
},
{
"name": "1033072",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033072"
},
{
"name": "SSRT102150",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789"
},
{
"name": "SUSE-SU-2015:1085",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119"
},
{
"name": "RHSA-2015:1021",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1021.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960015"
},
{
"name": "SUSE-SU-2015:1073",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935"
},
{
"name": "SUSE-SU-2015:1161",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"
},
{
"name": "HPSBGN03414",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2"
},
{
"name": "73684",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73684"
},
{
"name": "1032990",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032990"
},
{
"name": "1033071",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033071"
},
{
"name": "SUSE-SU-2016:0113",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.secpod.com/blog/cve-2015-2808-bar-mitzvah-attack-in-rc4-2/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2015-2808",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T23:55:11.123525Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T12:53:51.914Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-07T16:46:59.848Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SSRT102127",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2"
},
{
"name": "RHSA-2015:1243",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1243.html"
},
{
"name": "RHSA-2015:1007",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1007.html"
},
{
"name": "HPSBGN03367",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2"
},
{
"name": "HPSBUX03512",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "RHSA-2015:1006",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1006.html"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256"
},
{
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "1033737",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033737"
},
{
"name": "SUSE-SU-2015:2192",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html"
},
{
"name": "HPSBGN03399",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "1036222",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1036222"
},
{
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034"
},
{
"name": "SSRT102129",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2"
},
{
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960769"
},
{
"name": "GLSA-201512-10",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"name": "RHSA-2015:1229",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1229.html"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650"
},
{
"name": "1032600",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032600"
},
{
"name": "1032910",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032910"
},
{
"name": "USN-2706-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2706-1"
},
{
"name": "RHSA-2015:1526",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1526.html"
},
{
"name": "SSRT102133",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "1032599",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032599"
},
{
"name": "HPSBMU03401",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2"
},
{
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21903565"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163"
},
{
"name": "HPSBMU03345",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2"
},
{
"name": "1032734",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032734"
},
{
"name": "IV71892",
"tags": [
"vendor-advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347"
},
{
"name": "1033769",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033769"
},
{
"name": "1032707",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032707"
},
{
"name": "openSUSE-SU-2015:1289",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html"
},
{
"name": "HPSBGN03372",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2"
},
{
"name": "RHSA-2015:1091",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1091.html"
},
{
"name": "HPSBGN03402",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2"
},
{
"name": "IV71888",
"tags": [
"vendor-advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888"
},
{
"name": "RHSA-2015:1228",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1228.html"
},
{
"name": "HPSBGN03405",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2"
},
{
"name": "1032708",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032708"
},
{
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-454055"
},
{
"name": "DSA-3316",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3316"
},
{
"name": "SUSE-SU-2015:2166",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "1033415",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033415"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246"
},
{
"name": "HPSBGN03366",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2"
},
{
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709"
},
{
"name": "HPSBGN03403",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2"
},
{
"name": "SSRT102254",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"
},
{
"name": "HPSBGN03407",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2"
},
{
"name": "1033432",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033432"
},
{
"name": "HPSBGN03354",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2"
},
{
"name": "SUSE-SU-2015:1138",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"
},
{
"name": "1032858",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032858"
},
{
"name": "SSRT102073",
"tags": [
"vendor-advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922"
},
{
"name": "1032788",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032788"
},
{
"name": "USN-2696-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2696-1"
},
{
"url": "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf"
},
{
"name": "DSA-3339",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3339"
},
{
"name": "RHSA-2015:1020",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1020.html"
},
{
"name": "RHSA-2015:1242",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1242.html"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241"
},
{
"name": "SUSE-SU-2015:1086",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"
},
{
"name": "1033431",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033431"
},
{
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "1032868",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032868"
},
{
"name": "HPSBGN03415",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "91787",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "SUSE-SU-2015:1319",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html"
},
{
"name": "SUSE-SU-2015:1320",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html"
},
{
"name": "openSUSE-SU-2015:1288",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html"
},
{
"name": "RHSA-2015:1241",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1241.html"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "RHSA-2015:1230",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1230.html"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888"
},
{
"name": "HPSBGN03338",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2"
},
{
"name": "1033386",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033386"
},
{
"name": "HPSBMU03377",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2"
},
{
"name": "1033072",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033072"
},
{
"name": "SSRT102150",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789"
},
{
"name": "SUSE-SU-2015:1085",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119"
},
{
"name": "RHSA-2015:1021",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1021.html"
},
{
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960015"
},
{
"name": "SUSE-SU-2015:1073",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935"
},
{
"name": "SUSE-SU-2015:1161",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"
},
{
"name": "HPSBGN03414",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2"
},
{
"name": "73684",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/73684"
},
{
"name": "1032990",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032990"
},
{
"name": "1033071",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033071"
},
{
"name": "SUSE-SU-2016:0113",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html"
},
{
"url": "https://www.secpod.com/blog/cve-2015-2808-bar-mitzvah-attack-in-rc4-2/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2808",
"datePublished": "2015-04-01T00:00:00.000Z",
"dateReserved": "2015-03-31T00:00:00.000Z",
"dateUpdated": "2026-05-28T12:53:51.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-8840 (GCVE-0-2020-8840)
Vulnerability from cvelistv5 – Published: 2020-02-10 19:41 – Updated: 2024-08-04 10:12
VLAI
EPSS
VEX
Summary
FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
44 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:12:10.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[druid-commits] 20200219 [GitHub] [druid] ccaominh opened a new pull request #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r078e68a926ea6be12e8404e47f45aabf04bb4668e8265c0de41db6db%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200219 [GitHub] [druid] suneet-s commented on issue #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r319f19c74e06c201b9d4e8b282a4e4b2da6dcda022fb46f007dd00d3%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200220 [SECURITY] [DLA 2111-1] jackson-databind security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html"
},
{
"name": "[druid-commits] 20200221 [GitHub] [druid] ccaominh merged pull request #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3d20a2660b36551fd8257d479941782af4a7169582449fac1704bde2%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200222 [jira] [Created] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb43f9a65150948a6bebd3cb77ee3e105d40db2820fd547528f4e7f89%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20200222 [jira] [Created] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9ecf211c22760b00967ebe158c6ed7dba9142078e2a630ab8904a5b7%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200223 [GitHub] [zookeeper] eolivelli opened a new pull request #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3539bd3a377991217d724879d239e16e86001c54160076408574e1da%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200223 [jira] [Updated] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6fdd4c61a09a0c89f581b4ddb3dc6f154ab0c705fcfd0a7358b2e4e5%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200223 [jira] [Assigned] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re7326b8655eab931f2a9ce074fd9a1a51b5db11456bee9b48e1e170c%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200223 [GitHub] [zookeeper] phunt commented on issue #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r428d068b2a4923f1a5a4f5fc6381b95205cfe7620169d16db78e9c71%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200223 [zookeeper] branch master updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r46bebdeb59b8b7212d63a010ca445a9f5c4e9d64dcf693cab6f399d3%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200223 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re8ae2670ec456ef1c5a2a661a2838ab2cd00e9efa1e88c069f546f21%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200223 [jira] [Resolved] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8170007fd9b263d65b37d92a7b5d7bc357aedbb113a32838bc4a9485%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200223 [GitHub] [zookeeper] asfgit closed pull request #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rac5ee5d686818be7e7c430d35108ee01a88aae54f832d32f62431fd1%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200223 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdf8d389271a291dde3b2f99c36918d6cb1e796958af626cc140fee23%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200224 [zookeeper] 01/02: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb5eedf90ba3633e171a2ffdfe484651c9490dc5df74c8a29244cbc0e%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200225 [jira] [Updated] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r65ee95fa09c831843bac81eaa582fdddc2b6119912a72d1c83a9b882%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[tomee-dev] 20200311 CVE-2020-8840 on TomEE 8.0.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb99c7321eba5d4c907beec46675d52827528b738cfafd48eb4d862f1%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20200311 Re: CVE-2020-8840 on TomEE 8.0.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdea588d4a0ebf9cb7ce8c3a8f18d0d306507c4f8ba178dd3d20207b8%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20200313 Re: CVE-2020-8840 on TomEE 8.0.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1c09b9551f6953dbeca190a4c4b78198cdbb9825fce36f96fe3d8218%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20200316 RE: CVE-2020-8840 on TomEE 8.0.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[ranger-dev] 20200330 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc717fd6c65190f4e592345713f9ef0723fb7d71f624caa2a17caa26a%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200330 [jira] [Created] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdf311f13e6356297e0ffe74397fdd25a3687b0a16e687c3ff5b834d8%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200408 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf28ab6f224b48452afd567dfffb705fbda0fdbbf6535f6bc69d47e91%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200408 Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2fa8046bd47fb407ca09b5107a80fa6147ba4ebe879caae5c98b7657%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200415 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5d8bea8e9d17b6efcf4a0e4e194e91ef46a99f505777a31a60da2b38%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200416 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r94930e39b60fff236160c1c4110fe884dc093044b067aa5fc98d7ee1%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200416 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r446646c5588b10f5e02409ad580b12f314869009cdfbf844ca395cec%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200417 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1efc776fc6ce3387593deaa94bbdd296733b1b01408a39c8d1ab9e0e%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200417 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfc1ccfe89332155b72ce17f13a2701d3e7b9ec213324ceb90e79a28a%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200427 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9e59ebaf76fd00b2fa3ff5ebf18fe075ca9f4376216612c696f76718%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200427 [jira] [Resolved] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcc72b497e3dff2dc62ec9b89ceb90bc4e1b14fc56c3c252a6fcbb013%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200430 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7762d69e85c58d6948823424017ef4c08f47de077644277fa18cc116%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200507 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra275f29615f35d5b40106d1582a41e5388b2a5131564e9e01a572987%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200514 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb73708bf714ed6dbc1212da082e7703e586077f0c92f3940b2e82caf%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1%40%3Cjira.kafka.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2620"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200327-0002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fastjason-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T21:15:05.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[druid-commits] 20200219 [GitHub] [druid] ccaominh opened a new pull request #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r078e68a926ea6be12e8404e47f45aabf04bb4668e8265c0de41db6db%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200219 [GitHub] [druid] suneet-s commented on issue #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r319f19c74e06c201b9d4e8b282a4e4b2da6dcda022fb46f007dd00d3%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200220 [SECURITY] [DLA 2111-1] jackson-databind security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html"
},
{
"name": "[druid-commits] 20200221 [GitHub] [druid] ccaominh merged pull request #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3d20a2660b36551fd8257d479941782af4a7169582449fac1704bde2%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200222 [jira] [Created] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb43f9a65150948a6bebd3cb77ee3e105d40db2820fd547528f4e7f89%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20200222 [jira] [Created] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9ecf211c22760b00967ebe158c6ed7dba9142078e2a630ab8904a5b7%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200223 [GitHub] [zookeeper] eolivelli opened a new pull request #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3539bd3a377991217d724879d239e16e86001c54160076408574e1da%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200223 [jira] [Updated] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6fdd4c61a09a0c89f581b4ddb3dc6f154ab0c705fcfd0a7358b2e4e5%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200223 [jira] [Assigned] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re7326b8655eab931f2a9ce074fd9a1a51b5db11456bee9b48e1e170c%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200223 [GitHub] [zookeeper] phunt commented on issue #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r428d068b2a4923f1a5a4f5fc6381b95205cfe7620169d16db78e9c71%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200223 [zookeeper] branch master updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r46bebdeb59b8b7212d63a010ca445a9f5c4e9d64dcf693cab6f399d3%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200223 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re8ae2670ec456ef1c5a2a661a2838ab2cd00e9efa1e88c069f546f21%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200223 [jira] [Resolved] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8170007fd9b263d65b37d92a7b5d7bc357aedbb113a32838bc4a9485%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200223 [GitHub] [zookeeper] asfgit closed pull request #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rac5ee5d686818be7e7c430d35108ee01a88aae54f832d32f62431fd1%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200223 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdf8d389271a291dde3b2f99c36918d6cb1e796958af626cc140fee23%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200224 [zookeeper] 01/02: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb5eedf90ba3633e171a2ffdfe484651c9490dc5df74c8a29244cbc0e%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200225 [jira] [Updated] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r65ee95fa09c831843bac81eaa582fdddc2b6119912a72d1c83a9b882%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[tomee-dev] 20200311 CVE-2020-8840 on TomEE 8.0.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb99c7321eba5d4c907beec46675d52827528b738cfafd48eb4d862f1%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20200311 Re: CVE-2020-8840 on TomEE 8.0.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdea588d4a0ebf9cb7ce8c3a8f18d0d306507c4f8ba178dd3d20207b8%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20200313 Re: CVE-2020-8840 on TomEE 8.0.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1c09b9551f6953dbeca190a4c4b78198cdbb9825fce36f96fe3d8218%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20200316 RE: CVE-2020-8840 on TomEE 8.0.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[ranger-dev] 20200330 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc717fd6c65190f4e592345713f9ef0723fb7d71f624caa2a17caa26a%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200330 [jira] [Created] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdf311f13e6356297e0ffe74397fdd25a3687b0a16e687c3ff5b834d8%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200408 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf28ab6f224b48452afd567dfffb705fbda0fdbbf6535f6bc69d47e91%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200408 Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2fa8046bd47fb407ca09b5107a80fa6147ba4ebe879caae5c98b7657%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200415 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5d8bea8e9d17b6efcf4a0e4e194e91ef46a99f505777a31a60da2b38%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200416 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r94930e39b60fff236160c1c4110fe884dc093044b067aa5fc98d7ee1%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200416 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r446646c5588b10f5e02409ad580b12f314869009cdfbf844ca395cec%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200417 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1efc776fc6ce3387593deaa94bbdd296733b1b01408a39c8d1ab9e0e%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200417 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfc1ccfe89332155b72ce17f13a2701d3e7b9ec213324ceb90e79a28a%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200427 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9e59ebaf76fd00b2fa3ff5ebf18fe075ca9f4376216612c696f76718%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200427 [jira] [Resolved] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcc72b497e3dff2dc62ec9b89ceb90bc4e1b14fc56c3c252a6fcbb013%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200430 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7762d69e85c58d6948823424017ef4c08f47de077644277fa18cc116%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200507 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra275f29615f35d5b40106d1582a41e5388b2a5131564e9e01a572987%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200514 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb73708bf714ed6dbc1212da082e7703e586077f0c92f3940b2e82caf%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1%40%3Cjira.kafka.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2620"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200327-0002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fastjason-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[druid-commits] 20200219 [GitHub] [druid] ccaominh opened a new pull request #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r078e68a926ea6be12e8404e47f45aabf04bb4668e8265c0de41db6db@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200219 [GitHub] [druid] suneet-s commented on issue #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r319f19c74e06c201b9d4e8b282a4e4b2da6dcda022fb46f007dd00d3@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200220 [SECURITY] [DLA 2111-1] jackson-databind security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html"
},
{
"name": "[druid-commits] 20200221 [GitHub] [druid] ccaominh merged pull request #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3d20a2660b36551fd8257d479941782af4a7169582449fac1704bde2@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200222 [jira] [Created] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb43f9a65150948a6bebd3cb77ee3e105d40db2820fd547528f4e7f89@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20200222 [jira] [Created] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9ecf211c22760b00967ebe158c6ed7dba9142078e2a630ab8904a5b7@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200223 [GitHub] [zookeeper] eolivelli opened a new pull request #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3539bd3a377991217d724879d239e16e86001c54160076408574e1da@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200223 [jira] [Updated] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6fdd4c61a09a0c89f581b4ddb3dc6f154ab0c705fcfd0a7358b2e4e5@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200223 [jira] [Assigned] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re7326b8655eab931f2a9ce074fd9a1a51b5db11456bee9b48e1e170c@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200223 [GitHub] [zookeeper] phunt commented on issue #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r428d068b2a4923f1a5a4f5fc6381b95205cfe7620169d16db78e9c71@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200223 [zookeeper] branch master updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r46bebdeb59b8b7212d63a010ca445a9f5c4e9d64dcf693cab6f399d3@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200223 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re8ae2670ec456ef1c5a2a661a2838ab2cd00e9efa1e88c069f546f21@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200223 [jira] [Resolved] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8170007fd9b263d65b37d92a7b5d7bc357aedbb113a32838bc4a9485@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20200223 [GitHub] [zookeeper] asfgit closed pull request #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rac5ee5d686818be7e7c430d35108ee01a88aae54f832d32f62431fd1@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200223 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdf8d389271a291dde3b2f99c36918d6cb1e796958af626cc140fee23@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20200224 [zookeeper] 01/02: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb5eedf90ba3633e171a2ffdfe484651c9490dc5df74c8a29244cbc0e@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200225 [jira] [Updated] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r65ee95fa09c831843bac81eaa582fdddc2b6119912a72d1c83a9b882@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[tomee-dev] 20200311 CVE-2020-8840 on TomEE 8.0.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb99c7321eba5d4c907beec46675d52827528b738cfafd48eb4d862f1@%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20200311 Re: CVE-2020-8840 on TomEE 8.0.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdea588d4a0ebf9cb7ce8c3a8f18d0d306507c4f8ba178dd3d20207b8@%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20200313 Re: CVE-2020-8840 on TomEE 8.0.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1c09b9551f6953dbeca190a4c4b78198cdbb9825fce36f96fe3d8218@%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20200316 RE: CVE-2020-8840 on TomEE 8.0.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2@%3Cdev.tomee.apache.org%3E"
},
{
"name": "[ranger-dev] 20200330 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc717fd6c65190f4e592345713f9ef0723fb7d71f624caa2a17caa26a@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200330 [jira] [Created] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdf311f13e6356297e0ffe74397fdd25a3687b0a16e687c3ff5b834d8@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200408 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf28ab6f224b48452afd567dfffb705fbda0fdbbf6535f6bc69d47e91@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200408 Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2fa8046bd47fb407ca09b5107a80fa6147ba4ebe879caae5c98b7657@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200415 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5d8bea8e9d17b6efcf4a0e4e194e91ef46a99f505777a31a60da2b38@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200416 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r94930e39b60fff236160c1c4110fe884dc093044b067aa5fc98d7ee1@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200416 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r446646c5588b10f5e02409ad580b12f314869009cdfbf844ca395cec@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200417 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1efc776fc6ce3387593deaa94bbdd296733b1b01408a39c8d1ab9e0e@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200417 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfc1ccfe89332155b72ce17f13a2701d3e7b9ec213324ceb90e79a28a@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200427 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9e59ebaf76fd00b2fa3ff5ebf18fe075ca9f4376216612c696f76718@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200427 [jira] [Resolved] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcc72b497e3dff2dc62ec9b89ceb90bc4e1b14fc56c3c252a6fcbb013@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200430 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7762d69e85c58d6948823424017ef4c08f47de077644277fa18cc116@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200507 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra275f29615f35d5b40106d1582a41e5388b2a5131564e9e01a572987@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200514 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb73708bf714ed6dbc1212da082e7703e586077f0c92f3940b2e82caf@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1@%3Cjira.kafka.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://github.com/FasterXML/jackson-databind/issues/2620",
"refsource": "MISC",
"url": "https://github.com/FasterXML/jackson-databind/issues/2620"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200327-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200327-0002/"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fastjason-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fastjason-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8840",
"datePublished": "2020-02-10T19:41:58.000Z",
"dateReserved": "2020-02-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:12:10.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2808 (GCVE-0-2015-2808)
Vulnerability from cvelistv5 – Published: 2015-04-01 00:00 – Updated: 2026-05-28 12:53
VLAI
EPSS
VEX
Summary
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
101 references
Date Public
2015-03-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:24:38.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSRT102127",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2"
},
{
"name": "RHSA-2015:1243",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1243.html"
},
{
"name": "RHSA-2015:1007",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1007.html"
},
{
"name": "HPSBGN03367",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2"
},
{
"name": "HPSBUX03512",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "RHSA-2015:1006",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1006.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "1033737",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033737"
},
{
"name": "SUSE-SU-2015:2192",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html"
},
{
"name": "HPSBGN03399",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "1036222",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036222"
},
{
"tags": [
"x_transferred"
],
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034"
},
{
"name": "SSRT102129",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960769"
},
{
"name": "GLSA-201512-10",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"name": "RHSA-2015:1229",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1229.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650"
},
{
"name": "1032600",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032600"
},
{
"name": "1032910",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032910"
},
{
"name": "USN-2706-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2706-1"
},
{
"name": "RHSA-2015:1526",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1526.html"
},
{
"name": "SSRT102133",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "1032599",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032599"
},
{
"name": "HPSBMU03401",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21903565"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380"
},
{
"tags": [
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163"
},
{
"name": "HPSBMU03345",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2"
},
{
"name": "1032734",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032734"
},
{
"name": "IV71892",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347"
},
{
"name": "1033769",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033769"
},
{
"name": "1032707",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032707"
},
{
"name": "openSUSE-SU-2015:1289",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html"
},
{
"name": "HPSBGN03372",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2"
},
{
"name": "RHSA-2015:1091",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1091.html"
},
{
"name": "HPSBGN03402",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2"
},
{
"name": "IV71888",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888"
},
{
"name": "RHSA-2015:1228",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1228.html"
},
{
"name": "HPSBGN03405",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2"
},
{
"name": "1032708",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032708"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-454055"
},
{
"name": "DSA-3316",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3316"
},
{
"name": "SUSE-SU-2015:2166",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "1033415",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033415"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246"
},
{
"name": "HPSBGN03366",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709"
},
{
"name": "HPSBGN03403",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2"
},
{
"name": "SSRT102254",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"
},
{
"name": "HPSBGN03407",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2"
},
{
"name": "1033432",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033432"
},
{
"name": "HPSBGN03354",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2"
},
{
"name": "SUSE-SU-2015:1138",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"
},
{
"name": "1032858",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032858"
},
{
"name": "SSRT102073",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922"
},
{
"name": "1032788",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032788"
},
{
"name": "USN-2696-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2696-1"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf"
},
{
"name": "DSA-3339",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3339"
},
{
"name": "RHSA-2015:1020",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1020.html"
},
{
"name": "RHSA-2015:1242",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1242.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241"
},
{
"name": "SUSE-SU-2015:1086",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"
},
{
"name": "1033431",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033431"
},
{
"tags": [
"x_transferred"
],
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "1032868",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032868"
},
{
"name": "HPSBGN03415",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "SUSE-SU-2015:1319",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html"
},
{
"name": "SUSE-SU-2015:1320",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html"
},
{
"name": "openSUSE-SU-2015:1288",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html"
},
{
"name": "RHSA-2015:1241",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1241.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "RHSA-2015:1230",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1230.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888"
},
{
"name": "HPSBGN03338",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2"
},
{
"name": "1033386",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033386"
},
{
"name": "HPSBMU03377",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2"
},
{
"name": "1033072",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033072"
},
{
"name": "SSRT102150",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789"
},
{
"name": "SUSE-SU-2015:1085",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119"
},
{
"name": "RHSA-2015:1021",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1021.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960015"
},
{
"name": "SUSE-SU-2015:1073",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935"
},
{
"name": "SUSE-SU-2015:1161",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"
},
{
"name": "HPSBGN03414",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2"
},
{
"name": "73684",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73684"
},
{
"name": "1032990",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032990"
},
{
"name": "1033071",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033071"
},
{
"name": "SUSE-SU-2016:0113",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.secpod.com/blog/cve-2015-2808-bar-mitzvah-attack-in-rc4-2/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2015-2808",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T23:55:11.123525Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T12:53:51.914Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-07T16:46:59.848Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SSRT102127",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2"
},
{
"name": "RHSA-2015:1243",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1243.html"
},
{
"name": "RHSA-2015:1007",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1007.html"
},
{
"name": "HPSBGN03367",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2"
},
{
"name": "HPSBUX03512",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "RHSA-2015:1006",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1006.html"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256"
},
{
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "1033737",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033737"
},
{
"name": "SUSE-SU-2015:2192",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html"
},
{
"name": "HPSBGN03399",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "1036222",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1036222"
},
{
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034"
},
{
"name": "SSRT102129",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2"
},
{
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960769"
},
{
"name": "GLSA-201512-10",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"name": "RHSA-2015:1229",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1229.html"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650"
},
{
"name": "1032600",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032600"
},
{
"name": "1032910",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032910"
},
{
"name": "USN-2706-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2706-1"
},
{
"name": "RHSA-2015:1526",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1526.html"
},
{
"name": "SSRT102133",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "1032599",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032599"
},
{
"name": "HPSBMU03401",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2"
},
{
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21903565"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163"
},
{
"name": "HPSBMU03345",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2"
},
{
"name": "1032734",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032734"
},
{
"name": "IV71892",
"tags": [
"vendor-advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347"
},
{
"name": "1033769",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033769"
},
{
"name": "1032707",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032707"
},
{
"name": "openSUSE-SU-2015:1289",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html"
},
{
"name": "HPSBGN03372",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2"
},
{
"name": "RHSA-2015:1091",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1091.html"
},
{
"name": "HPSBGN03402",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2"
},
{
"name": "IV71888",
"tags": [
"vendor-advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888"
},
{
"name": "RHSA-2015:1228",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1228.html"
},
{
"name": "HPSBGN03405",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2"
},
{
"name": "1032708",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032708"
},
{
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-454055"
},
{
"name": "DSA-3316",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3316"
},
{
"name": "SUSE-SU-2015:2166",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "1033415",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033415"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246"
},
{
"name": "HPSBGN03366",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2"
},
{
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709"
},
{
"name": "HPSBGN03403",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2"
},
{
"name": "SSRT102254",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"
},
{
"name": "HPSBGN03407",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2"
},
{
"name": "1033432",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033432"
},
{
"name": "HPSBGN03354",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2"
},
{
"name": "SUSE-SU-2015:1138",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"
},
{
"name": "1032858",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032858"
},
{
"name": "SSRT102073",
"tags": [
"vendor-advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922"
},
{
"name": "1032788",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032788"
},
{
"name": "USN-2696-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2696-1"
},
{
"url": "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf"
},
{
"name": "DSA-3339",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3339"
},
{
"name": "RHSA-2015:1020",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1020.html"
},
{
"name": "RHSA-2015:1242",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1242.html"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241"
},
{
"name": "SUSE-SU-2015:1086",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"
},
{
"name": "1033431",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033431"
},
{
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
},
{
"name": "1032868",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032868"
},
{
"name": "HPSBGN03415",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "91787",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "SUSE-SU-2015:1319",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html"
},
{
"name": "SUSE-SU-2015:1320",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html"
},
{
"name": "openSUSE-SU-2015:1288",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html"
},
{
"name": "RHSA-2015:1241",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1241.html"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "RHSA-2015:1230",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1230.html"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888"
},
{
"name": "HPSBGN03338",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2"
},
{
"name": "1033386",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033386"
},
{
"name": "HPSBMU03377",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2"
},
{
"name": "1033072",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033072"
},
{
"name": "SSRT102150",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789"
},
{
"name": "SUSE-SU-2015:1085",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119"
},
{
"name": "RHSA-2015:1021",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1021.html"
},
{
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960015"
},
{
"name": "SUSE-SU-2015:1073",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935"
},
{
"name": "SUSE-SU-2015:1161",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"
},
{
"name": "HPSBGN03414",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2"
},
{
"name": "73684",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/73684"
},
{
"name": "1032990",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032990"
},
{
"name": "1033071",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033071"
},
{
"name": "SUSE-SU-2016:0113",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html"
},
{
"url": "https://www.secpod.com/blog/cve-2015-2808-bar-mitzvah-attack-in-rc4-2/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2808",
"datePublished": "2015-04-01T00:00:00.000Z",
"dateReserved": "2015-03-31T00:00:00.000Z",
"dateUpdated": "2026-05-28T12:53:51.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}