
CVE-2015-4000

Date: (C) 2015-06-09   (M) 2024-03-27


The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 3.7
Exploit Score: 2.2
Impact Score: 1.4

CVSS V3 Metrics:
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: LOW
Availability: NONE

CVSS V2 Severity:
CVSS Score: 4.3
Exploit Score: 8.6
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  

CPE    38
cpe:/a:openssl:openssl:1.0.1:beta1
cpe:/a:openssl:openssl:1.0.1:beta3
cpe:/o:mozilla:firefox_os:2.2
cpe:/a:openssl:openssl:1.0.1:beta2
...
CWE    1
CWE-310
OVAL    93
oval:org.secpod.oval:def:505561
oval:org.secpod.oval:def:505600
oval:org.secpod.oval:def:203649
oval:org.secpod.oval:def:602173
...

© SecPod Technologies