本站点使用cookies,继续浏览表示您同意我们使用cookies。Cookies和隐私政策
TLS和SSL协议中使用的RC4 (Rivest Cipher 4)算法存在一个安全漏洞。RC4算法不能提供充分的数据保护。在监听到SSL和TLS连接后,攻击者可以通过暴力破解的方式还原明文。这个漏洞也被称为受戒礼(Bar Mitzvah)。(Vulnerability ID: HWPSIRT-2015-03025)
此漏洞的CVE编号为:CVE-2015-2808。
产品名称 |
版本号 |
修复版本号 |
E6000 Chassis |
V100R001C00 |
V100R001C00SPC300 |
E9000 Chassis |
V100R001C00 |
V100R001C00SPC230 |
OceanStor 18500 |
V100R001C00 |
V100R001C20SPC200 |
V100R001C10 |
||
OceanStor 18800 |
V100R001C00 |
V100R001C20SPC200 |
V100R001C10 |
||
V100R001C20 |
||
V100R001C30 |
||
OceanStor 18800F |
V100R001C00 |
V100R001C20SPC200 |
V100R001C10 |
||
V100R001C20 |
||
V100R001C30 |
||
OceanStor 9000 |
V100R001C01 |
V100R001C01SPC210 |
OceanStor CSE |
V100R002C00LSFM01 |
V100R003C00 |
OceanStor HVS85T |
V100R001C00 |
OceanStor 18500 V100R001C20SPC200 |
V100R001C30 |
||
OceanStor ReplicationDirector |
V100R003C00 |
V100R003C00SPC400 |
OceanStor S2600T |
V200R002C00 |
V200R002C20SPC200 |
V200R002C10 |
||
V200R002C20 |
||
V200R002C30 |
||
OceanStor S5500T |
V200R002C00 |
V200R002C20SPC200 |
V200R002C10 |
||
OceanStor S5600T |
V200R002C00 |
V200R002C20SPC200 |
V200R002C10 |
||
OceanStor S5800T |
V200R001C00SPC800 |
V200R002C20SPC200 |
V200R002C00 |
||
V200R002C10 |
||
OceanStor S6800T |
V200R002C00 |
V200R002C20SPC200 |
V200R002C10 |
||
OceanStor VIS6600T |
V200R003C10 |
V200R003C10SPC400 |
Policy Center |
V100R003C00 |
V100R003C10SPC015 |
V100R003C10 |
||
Quidway S9300 |
V100R006C00B010 |
V200R007SPH003 |
S7700/ 9700/ S12700 |
V200R006 and earlier versions |
V200R007C00SPC500+V200R007SPH003 |
V200R007C00SPC500 |
V200R007SPH003 |
|
S2700/ S3700 |
V100R006C05 |
V100R006SPH023 |
S5700EI/ S5700HI/ S5700SI/ S5710EI/ S5710HI/ S6700 |
V200R005 and earlier versions |
V200R005C00SPC500 |
S2750/ S5700LI/ S5700S-LI/ S5720HI |
V200R006C00SPC300 |
V200R006SPH006 |
S2750/ S5700LI/ S5700S-LI/ S5720HI/ S5720EI |
V200R007C00SPC500 |
V200R007SPH003 |
SMC2.0 |
V100R002C01 |
V100R003C10SPC100 |
V100R002C02 |
||
V100R002C03 |
||
V100R002C04 |
||
TE60 |
V100R001C10 |
V100R001C10SPC300 |
UltraVR |
V100R003C00 |
V100R003C00SPC200 |
漏洞使用CVSSv2计分系统进行分级(http://www.first.org/cvss/)
基础得分:4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
临时得分:3.6 (E:F/RL:O/RC:C)无
用户可以通过华为TAC (Huawei Technical Assistance Center)获取补丁/更新版本。
TAC的联系方式见链接: http://www.huawei.com/cn/security/psirt/report-vulnerabilities/index.htm.
对于华为产品和解决方案的安全问题,请通过PSIRT@huawei.com联系华为PSIRT。
对于通用的华为产品和解决方案的问题,直接联系华为TAC(Huawei Technical Assistance Center)获取相关问题的配置或技术协助
2016-05-05 V1.1 UPDATE Update the affected product list and fixed version
2015-09-19 V1.0 INITIAL
无