The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
Configuration 8 (hide)
|
Configuration 9 (hide)
|
Configuration 10 (hide)
|
Configuration 11 (hide)
|
Configuration 12 (hide)
|
Configuration 13 (hide)
|
History
09 Feb 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:* |
cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:* cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:* |
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf - Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Third Party Advisory |
13 Dec 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 May 2022, 14:38
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:jdk:1.7.0:update_80:*:*:*:*:*:* |
cpe:2.3:a:oracle:jdk:1.6.0:update95:*:*:*:*:*:* cpe:2.3:a:oracle:jdk:1.7.0:update80:*:*:*:*:*:* |
23 Jul 2021, 15:12
Type | Values Removed | Values Added |
---|---|---|
References | (SECTRACK) http://www.securitytracker.com/id/1033760Â - VDB Entry, Third Party Advisory | |
CPE | cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:* |
20 Jan 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2015-05-21 00:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-4000
Mitre link : CVE-2015-4000
CVE.ORG link : CVE-2015-4000
JSON object : View
Products Affected
openssl
- openssl
mozilla
- thunderbird
- seamonkey
- firefox_esr
- firefox
- firefox_os
- network_security_services
canonical
- ubuntu_linux
oracle
- jdk
- jre
- jrockit
- sparc-opl_service_processor
suse
- linux_enterprise_software_development_kit
- linux_enterprise_desktop
- linux_enterprise_server
- suse_linux_enterprise_server
hp
- hp-ux
debian
- debian_linux
apple
- iphone_os
- safari
- mac_os_x
opera
- opera_browser
microsoft
- internet_explorer
- chrome
ibm
- content_manager
CWE
CWE-310
Cryptographic Issues