CVE-2015-4000

Severity

43%

Complexity

86%

Confidentiality

48%

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

CVSS 3.0 Base Score 3.7. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

Overview

First reported 9 years ago

2015-05-21 00:59:00

Last updated 5 years ago

2019-10-09 23:14:00

Affected Software

OpenSSL Project OpenSSL

Canonical Ubuntu Linux 12.04 LTS

12.04

Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)

14.04

Canonical Ubuntu Linux 14.10

14.10

Canonical Ubuntu Linux 15.04

15.04

IBM Content Manager 8.5 Enterprise

8.5
enterprise

Debian Linux 7.0

7.0

Debian Linux 8.0 (Jessie)

8.0

Oracle JDK 1.6.0 Update 95

1.6.0

Oracle Java Development Kit (JDK) 1.7.0 Update 75

1.7.0

Oracle JDK 1.7.0 Update 80

1.7.0

Oracle Java Development Kit (JDK) 1.8.0 Update 45

1.8.0

SUSE Linux Enterprise Desktop 12

12

SUSE Linux Enterprise Software Development Kit (SDK) 12

12

SUSE Linux Enterprise Server (SLES) 12

12

Apple Mac OS X

Mozilla Network Security Services (NSS) 3.19

3.19

Apple Safari

Microsoft Internet Explorer

Mozilla Firefox

Mozilla Firefox 39.0

39.0

Mozilla Firefox Extended Support Release (ESR) 31.8

31.8

Mozilla Firefox ESR 38.1.0

38.1.0

Mozilla Seamonkey 2.35

2.35

Mozilla Firefox OS 2.2

2.2

References

http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc

Third Party Advisory

http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery

Third Party Advisory

NetBSD-SA2015-008

Mailing List, Third Party Advisory

http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402

Third Party Advisory

http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778

Third Party Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681

Third Party Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727

Third Party Advisory

APPLE-SA-2015-06-30-1

Mailing List, Third Party Advisory

APPLE-SA-2015-06-30-2

Mailing List, Third Party Advisory

FEDORA-2015-9130

Mailing List, Third Party Advisory

FEDORA-2015-9048

Mailing List, Third Party Advisory

FEDORA-2015-9161

Mailing List, Third Party Advisory

openSUSE-SU-2015:1139

Mailing List, Third Party Advisory

SUSE-SU-2015:1143

Mailing List, Third Party Advisory

SUSE-SU-2015:1150

Mailing List, Third Party Advisory

SUSE-SU-2015:1177

Mailing List, Third Party Advisory

SUSE-SU-2015:1181

Mailing List, Third Party Advisory

SUSE-SU-2015:1182

Mailing List, Third Party Advisory

SUSE-SU-2015:1183

Mailing List, Third Party Advisory

SUSE-SU-2015:1184

Mailing List, Third Party Advisory

SUSE-SU-2015:1185

Mailing List, Third Party Advisory

openSUSE-SU-2015:1229

Mailing List, Third Party Advisory

openSUSE-SU-2015:1266

Mailing List, Third Party Advisory

SUSE-SU-2015:1268

Mailing List, Third Party Advisory

SUSE-SU-2015:1269

Mailing List, Third Party Advisory

openSUSE-SU-2015:1277

Mailing List, Third Party Advisory

openSUSE-SU-2015:1288

Mailing List, Third Party Advisory

openSUSE-SU-2015:1289

Mailing List, Third Party Advisory

SUSE-SU-2015:1319

Mailing List, Third Party Advisory

SUSE-SU-2015:1320

Mailing List, Third Party Advisory

SUSE-SU-2015:1449

Mailing List, Third Party Advisory

SUSE-SU-2015:1581

Mailing List, Third Party Advisory

SUSE-SU-2015:1663

Mailing List, Third Party Advisory

SUSE-SU-2016:0224

Mailing List, Third Party Advisory

openSUSE-SU-2016:0226

Mailing List, Third Party Advisory

openSUSE-SU-2016:0255

Mailing List, Third Party Advisory

openSUSE-SU-2016:0261

Mailing List, Third Party Advisory

SUSE-SU-2016:0262

Mailing List, Third Party Advisory

openSUSE-SU-2015:1209

Mailing List, Third Party Advisory

openSUSE-SU-2015:1684

Mailing List, Third Party Advisory

openSUSE-SU-2016:0478

Mailing List, Third Party Advisory

openSUSE-SU-2016:0483

Mailing List, Third Party Advisory

HPSBMU03356

Mailing List, Third Party Advisory

HPSBGN03351

Mailing List, Third Party Advisory

HPSBGN03362

Mailing List, Third Party Advisory

HPSBGN03361

Mailing List, Third Party Advisory

HPSBUX03363

Mailing List, Third Party Advisory

HPSBGN03373

Mailing List, Third Party Advisory

SSRT102180

Mailing List, Third Party Advisory

HPSBMU03345

Mailing List, Third Party Advisory

HPSBGN03404

Mailing List, Third Party Advisory

HPSBGN03399

Mailing List, Third Party Advisory

HPSBGN03405

Mailing List, Third Party Advisory

HPSBGN03411

Mailing List, Third Party Advisory

HPSBGN03402

Mailing List, Third Party Advisory

HPSBGN03407

Mailing List, Third Party Advisory

HPSBMU03401

Mailing List, Third Party Advisory

HPSBUX03512

Mailing List, Third Party Advisory

HPSBGN03533

Mailing List, Third Party Advisory

[oss-security] 20150520 CVE-2015-4000 - TLS does not properly convey server's ciphersuite choice

Mailing List, Third Party Advisory

RHSA-2015:1072

Third Party Advisory

RHSA-2015:1185

Third Party Advisory

RHSA-2015:1197

Third Party Advisory

RHSA-2015:1228

Third Party Advisory

RHSA-2015:1229

Third Party Advisory

RHSA-2015:1230

Third Party Advisory

RHSA-2015:1241

Third Party Advisory

RHSA-2015:1242

Third Party Advisory

RHSA-2015:1243

Third Party Advisory

RHSA-2015:1485

Third Party Advisory

RHSA-2015:1486

Third Party Advisory

RHSA-2015:1488

Third Party Advisory

RHSA-2015:1526

Third Party Advisory

RHSA-2015:1544

Third Party Advisory

RHSA-2015:1604

Third Party Advisory

RHSA-2016:1624

Third Party Advisory

RHSA-2016:2056

Third Party Advisory

http://support.apple.com/kb/HT204941

Third Party Advisory

http://support.apple.com/kb/HT204942

Third Party Advisory

http://support.citrix.com/article/CTX201114

Third Party Advisory

DSA-3287

Third Party Advisory

DSA-3300

Third Party Advisory

DSA-3316

Third Party Advisory

DSA-3324

Third Party Advisory

DSA-3339

Third Party Advisory

DSA-3688

Third Party Advisory

http://www.fortiguard.com/advisory/2015-05-20-logjam-attack

Third Party Advisory

http://www.mozilla.org/security/announce/2015/mfsa2015-70.html

Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

Patch, Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Patch, Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

Third Party Advisory

74733

Third Party Advisory, VDB Entry

91787

Third Party Advisory, VDB Entry

1032474

Third Party Advisory, VDB Entry

1032475

Third Party Advisory, VDB Entry

1032476

Third Party Advisory, VDB Entry

1032637

Third Party Advisory, VDB Entry

1032645

Third Party Advisory, VDB Entry

1032647

Third Party Advisory, VDB Entry

1032648

Third Party Advisory, VDB Entry

1032649

Third Party Advisory, VDB Entry

1032650

Third Party Advisory, VDB Entry

1032651

Third Party Advisory, VDB Entry

1032652

Third Party Advisory, VDB Entry

1032653

Third Party Advisory, VDB Entry

1032654

Third Party Advisory, VDB Entry

1032655

Third Party Advisory, VDB Entry

1032656

Third Party Advisory, VDB Entry

1032688

Third Party Advisory, VDB Entry

1032699

Third Party Advisory, VDB Entry

1032702

Third Party Advisory, VDB Entry

1032727

Third Party Advisory, VDB Entry

1032759

Third Party Advisory, VDB Entry

1032777

Third Party Advisory, VDB Entry

1032778

Third Party Advisory, VDB Entry

1032783

Third Party Advisory, VDB Entry

1032784

Third Party Advisory, VDB Entry

1032856

Third Party Advisory, VDB Entry

1032864

Third Party Advisory, VDB Entry

1032865

Third Party Advisory, VDB Entry

1032871

Third Party Advisory, VDB Entry

1032884

Third Party Advisory, VDB Entry

1032910

Third Party Advisory, VDB Entry

1032932

Third Party Advisory, VDB Entry

1032960

Third Party Advisory, VDB Entry

1033019

Third Party Advisory, VDB Entry

1033064

Third Party Advisory, VDB Entry

1033065

Third Party Advisory, VDB Entry

1033067

Third Party Advisory, VDB Entry

1033208

Third Party Advisory, VDB Entry

1033209

Third Party Advisory, VDB Entry

1033210

Third Party Advisory, VDB Entry

1033222

Third Party Advisory, VDB Entry

1033341

Third Party Advisory, VDB Entry

1033385

Third Party Advisory, VDB Entry

1033416

Third Party Advisory, VDB Entry

1033430

Third Party Advisory, VDB Entry

1033433

Third Party Advisory, VDB Entry

1033513

Third Party Advisory, VDB Entry

1033760

Third Party Advisory, VDB Entry

1033891

Third Party Advisory, VDB Entry

1033991

Third Party Advisory, VDB Entry

1034087

Third Party Advisory, VDB Entry

1034728

Third Party Advisory, VDB Entry

1034884

Third Party Advisory, VDB Entry

1036218

Third Party Advisory, VDB Entry

1040630

Third Party Advisory, VDB Entry

http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm

Third Party Advisory

USN-2656-1

Third Party Advisory

USN-2656-2

Third Party Advisory

USN-2673-1

Third Party Advisory

USN-2696-1

Third Party Advisory

USN-2706-1

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21959111

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21959195

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21959325

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21959453

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21959481

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21959517

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21959530

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21959539

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21959636

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21959812

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21960191

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21961717

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21962455

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21962739

Third Party Advisory

http://www-304.ibm.com/support/docview.wss?uid=swg21958984

Third Party Advisory

http://www-304.ibm.com/support/docview.wss?uid=swg21959132

Third Party Advisory

http://www-304.ibm.com/support/docview.wss?uid=swg21960041

Third Party Advisory

http://www-304.ibm.com/support/docview.wss?uid=swg21960194

Third Party Advisory

http://www-304.ibm.com/support/docview.wss?uid=swg21960380

Third Party Advisory

http://www-304.ibm.com/support/docview.wss?uid=swg21960418

Third Party Advisory

http://www-304.ibm.com/support/docview.wss?uid=swg21962816

Third Party Advisory

http://www-304.ibm.com/support/docview.wss?uid=swg21967893

Third Party Advisory

https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/

Third Party Advisory

https://bto.bluecoat.com/security-advisory/sa98

Third Party Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1138554

Issue Tracking, Third Party Advisory

https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes

Third Party Advisory

SSRT102112

Third Party Advisory

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140

Third Party Advisory

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190

Third Party Advisory

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119

Third Party Advisory

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241

Third Party Advisory

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246

Third Party Advisory

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839

Third Party Advisory

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929

Third Party Advisory

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083

Third Party Advisory

https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes

Third Party Advisory

https://kc.mcafee.com/corporate/index?page=content&id=SB10122

Third Party Advisory

https://openssl.org/news/secadv/20150611.txt

Vendor Advisory

https://puppet.com/security/cve/CVE-2015-4000

Third Party Advisory

GLSA-201506-02

Third Party Advisory

GLSA-201512-10

Third Party Advisory

GLSA-201603-11

Third Party Advisory

GLSA-201701-46

Third Party Advisory

https://security.netapp.com/advisory/ntap-20150619-0001/

Third Party Advisory

https://support.citrix.com/article/CTX216642

Third Party Advisory

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us

Third Party Advisory

https://weakdh.org/

Third Party Advisory

https://weakdh.org/imperfect-forward-secrecy.pdf

Third Party Advisory

https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/

Vendor Advisory

https://www.openssl.org/news/secadv_20150611.txt

Vendor Advisory

https://www.suse.com/security/cve/CVE-2015-4000.html

Third Party Advisory

https://www-304.ibm.com/support/docview.wss?uid=swg21959745

Third Party Advisory

https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403

Third Party Advisory
