
CVE-2015-4000

Date: (C)2015-06-09   (M)2017-12-13 


The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

CVSS Score: 4.3
Exploit Score: 8.6
Impact Score: 2.9
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE





Reference:
SECTRACK-1032474
SECTRACK-1032475
SECTRACK-1032476
SECTRACK-1032637
SECTRACK-1032645
SECTRACK-1032647
SECTRACK-1032648
SECTRACK-1032649
SECTRACK-1032650
SECTRACK-1032651
SECTRACK-1032652
SECTRACK-1032653
SECTRACK-1032654
SECTRACK-1032655
SECTRACK-1032656
SECTRACK-1032688
SECTRACK-1032699
SECTRACK-1032702
SECTRACK-1032727
SECTRACK-1032759
SECTRACK-1032777
SECTRACK-1032778
SECTRACK-1032783
SECTRACK-1032784
SECTRACK-1032856
SECTRACK-1032864
SECTRACK-1032865
SECTRACK-1032871
SECTRACK-1032884
SECTRACK-1032910
SECTRACK-1032932
SECTRACK-1032960
SECTRACK-1033019
SECTRACK-1033064
SECTRACK-1033065
SECTRACK-1033067
SECTRACK-1033208
SECTRACK-1033209
SECTRACK-1033210
SECTRACK-1033222
SECTRACK-1033341
SECTRACK-1033385
SECTRACK-1033416
SECTRACK-1033430
SECTRACK-1033433
SECTRACK-1033513
SECTRACK-1033760
SECTRACK-1033891
SECTRACK-1033991
SECTRACK-1034087
SECTRACK-1034728
SECTRACK-1034884
SECTRACK-1036218
BID-74733
BID-91787
APPLE-SA-2015-06-30-1
APPLE-SA-2015-06-30-2
DSA-3287
DSA-3300
DSA-3316
DSA-3324
DSA-3339
DSA-3688
FEDORA-2015-9048
FEDORA-2015-9130
FEDORA-2015-9161
GLSA-201506-02
GLSA-201512-10
GLSA-201603-11
GLSA-201701-46
HPSBGN03351
HPSBGN03361
HPSBGN03362
HPSBGN03373
HPSBGN03399
HPSBGN03402
HPSBGN03404
HPSBGN03405
HPSBGN03407
HPSBGN03411
HPSBGN03533
HPSBHF03510
HPSBMU03345
HPSBMU03356
HPSBMU03401
HPSBUX03363
NetBSD-SA2015-008
RHSA-2015:1072
RHSA-2015:1197
RHSA-2015:1526
SSRT102112
SSRT102180
SSRT102254
SSRT102977
SUSE-SU-2015:1143
SUSE-SU-2015:1150
SUSE-SU-2015:1177
SUSE-SU-2015:1181
SUSE-SU-2015:1182
SUSE-SU-2015:1183
SUSE-SU-2015:1184
SUSE-SU-2015:1185
SUSE-SU-2015:1268
SUSE-SU-2015:1269
SUSE-SU-2015:1319
SUSE-SU-2015:1320
SUSE-SU-2015:1449
SUSE-SU-2015:1581
SUSE-SU-2015:1663
SUSE-SU-2016:0224
SUSE-SU-2016:0262
USN-2656-1
USN-2656-2
USN-2673-1
USN-2696-1
USN-2706-1
http://openwall.com/lists/oss-security/2015/05/20/8
http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc
http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727
http://support.apple.com/kb/HT204941
http://support.apple.com/kb/HT204942
http://support.citrix.com/article/CTX201114
http://www-01.ibm.com/support/docview.wss?uid=swg21959111
http://www-01.ibm.com/support/docview.wss?uid=swg21959195
http://www-01.ibm.com/support/docview.wss?uid=swg21959325
http://www-01.ibm.com/support/docview.wss?uid=swg21959453
http://www-01.ibm.com/support/docview.wss?uid=swg21959481
http://www-01.ibm.com/support/docview.wss?uid=swg21959517
http://www-01.ibm.com/support/docview.wss?uid=swg21959530
http://www-01.ibm.com/support/docview.wss?uid=swg21959539
http://www-01.ibm.com/support/docview.wss?uid=swg21959636
http://www-01.ibm.com/support/docview.wss?uid=swg21959812
http://www-01.ibm.com/support/docview.wss?uid=swg21960191
http://www-01.ibm.com/support/docview.wss?uid=swg21961717
http://www-01.ibm.com/support/docview.wss?uid=swg21962455
http://www-01.ibm.com/support/docview.wss?uid=swg21962739
http://www-304.ibm.com/support/docview.wss?uid=swg21958984
http://www-304.ibm.com/support/docview.wss?uid=swg21959132
http://www-304.ibm.com/support/docview.wss?uid=swg21960041
http://www-304.ibm.com/support/docview.wss?uid=swg21960194
http://www-304.ibm.com/support/docview.wss?uid=swg21960380
http://www-304.ibm.com/support/docview.wss?uid=swg21960418
http://www-304.ibm.com/support/docview.wss?uid=swg21962816
http://www-304.ibm.com/support/docview.wss?uid=swg21967893
http://www.fortiguard.com/advisory/2015-05-20-logjam-attack
http://www.mozilla.org/security/announce/2015/mfsa2015-70.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/topics/security/alerts-086861.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm
https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/
https://bto.bluecoat.com/security-advisory/sa98
https://bugzilla.mozilla.org/show_bug.cgi?id=1138554
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083
https://kc.mcafee.com/corporate/index?page=content&id=SB10122
https://openssl.org/news/secadv/20150611.txt
https://puppet.com/security/cve/CVE-2015-4000
https://security.netapp.com/advisory/ntap-20150619-0001/
https://support.citrix.com/article/CTX216642
https://weakdh.org/
https://weakdh.org/imperfect-forward-secrecy.pdf
https://www-304.ibm.com/support/docview.wss?uid=swg21959745
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403
https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
https://www.openssl.org/news/secadv_20150611.txt
https://www.suse.com/security/cve/CVE-2015-4000.html
openSUSE-SU-2015:1139
openSUSE-SU-2015:1209
openSUSE-SU-2015:1229
openSUSE-SU-2015:1266
openSUSE-SU-2015:1277
openSUSE-SU-2015:1288
openSUSE-SU-2015:1289
openSUSE-SU-2015:1684
openSUSE-SU-2016:0226
openSUSE-SU-2016:0255
openSUSE-SU-2016:0261
openSUSE-SU-2016:0478
openSUSE-SU-2016:0483

CPE    17
cpe:/o:canonical:ubuntu_linux:15.04
cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~
cpe:/o:mozilla:firefox_os:2.2
cpe:/o:apple:mac_os_x:10.10.3
...
CWE    1
CWE-310
OVAL    74
oval:org.secpod.oval:def:203649
oval:org.secpod.oval:def:602173
oval:org.secpod.oval:def:25890
oval:org.secpod.oval:def:602207
...

© 2013 SecPod Technologies