CVE-2015-0204
Date: (C)2015-01-13   (M)2024-02-22


The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1033378
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl
BID-71936
BID-91787
APPLE-SA-2015-04-08-2
DSA-3125
GLSA-201503-11
HPSBGN03299
HPSBHF03289
HPSBMU03345
HPSBMU03380
HPSBMU03396
HPSBMU03397
HPSBMU03409
HPSBMU03413
HPSBOV03318
HPSBUX03162
HPSBUX03244
HPSBUX03334
MDVSA-2015:019
MDVSA-2015:062
MDVSA-2015:063
RHSA-2015:0066
RHSA-2015:0800
RHSA-2015:0849
RHSA-2016:1650
SUSE-SU-2015:0578
SUSE-SU-2015:0946
SUSE-SU-2015:1085
SUSE-SU-2015:1086
SUSE-SU-2015:1138
SUSE-SU-2015:1161
SUSE-SU-2015:2166
SUSE-SU-2015:2168
SUSE-SU-2015:2182
SUSE-SU-2015:2192
SUSE-SU-2015:2216
SUSE-SU-2016:0113
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679
http://support.novell.com/security/cve/CVE-2015-0204.html
http://www-01.ibm.com/support/docview.wss?uid=swg21883640
http://www-304.ibm.com/support/docview.wss?uid=swg21960769
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
https://bto.bluecoat.com/security-advisory/sa88
https://bto.bluecoat.com/security-advisory/sa91
https://freakattack.com/
https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241
https://kc.mcafee.com/corporate/index?page=content&id=SB10102
https://kc.mcafee.com/corporate/index?page=content&id=SB10108
https://kc.mcafee.com/corporate/index?page=content&id=SB10110
https://support.apple.com/HT204659
https://support.citrix.com/article/CTX216642
https://www.openssl.org/news/secadv_20150108.txt
https://www.openssl.org/news/secadv_20150319.txt
openSUSE-SU-2015:0130
openSUSE-SU-2016:0640
openssl-cve20150204-weak-security(99707)

CPE    26
cpe:/a:openssl:openssl:1.0.0h
cpe:/a:openssl:openssl:1.0.0g
cpe:/a:openssl:openssl:1.0.0j
cpe:/a:openssl:openssl:1.0.0i
...
CWE    1
CWE-310
OVAL    23
oval:org.secpod.oval:def:1200139
oval:org.secpod.oval:def:1500918
oval:org.secpod.oval:def:52387
oval:org.secpod.oval:def:501488
...

© SecPod Technologies