National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2015-4000 Detail

Description

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

Source:  MITRE      Last Modified:  05/20/2015

Quick Info

CVE Dictionary Entry:
CVE-2015-4000
Original release date:
05/20/2015
Last revised:
01/04/2018
Source:
US-CERT/NIST

Impact

CVSS Severity (version 3.0):
CVSS v3 Base Score:
3.7 Low
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N (legend)
Impact Score:
1.4
Exploitability Score:
2.2
CVSS Version 3 Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
Low
Availability (A):
None
CVSS Severity (version 2.0):
CVSS v2 Base Score:
4.3 MEDIUM
Vector:
(AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore:
2.9
Exploitability Subscore:
8.6
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Medium
Authentication:
Not required to exploit
Impact Type:
Allows unauthorized modification

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc External Source CONFIRM http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc
http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery External Source CONFIRM http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc External Source NETBSD NetBSD-SA2015-008
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402 External Source CONFIRM http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778 External Source CONFIRM http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681 External Source CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 External Source CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html External Source APPLE APPLE-SA-2015-06-30-1
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html External Source APPLE APPLE-SA-2015-06-30-2
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html External Source FEDORA FEDORA-2015-9130
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html External Source FEDORA FEDORA-2015-9048
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html External Source FEDORA FEDORA-2015-9161
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html External Source SUSE openSUSE-SU-2015:1139
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html External Source SUSE SUSE-SU-2015:1143
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html External Source SUSE SUSE-SU-2015:1150
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html External Source SUSE SUSE-SU-2015:1177
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html External Source SUSE SUSE-SU-2015:1181
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html External Source SUSE SUSE-SU-2015:1182
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html External Source SUSE SUSE-SU-2015:1183
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html External Source SUSE SUSE-SU-2015:1184
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html External Source SUSE SUSE-SU-2015:1185
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html External Source SUSE openSUSE-SU-2015:1229
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html External Source SUSE openSUSE-SU-2015:1266
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html External Source SUSE SUSE-SU-2015:1268
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html External Source SUSE SUSE-SU-2015:1269
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html External Source SUSE openSUSE-SU-2015:1277
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html External Source SUSE openSUSE-SU-2015:1288
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html External Source SUSE openSUSE-SU-2015:1289
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html External Source SUSE SUSE-SU-2015:1319
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html External Source SUSE SUSE-SU-2015:1320
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html External Source SUSE SUSE-SU-2015:1449
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html External Source SUSE SUSE-SU-2015:1581
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html External Source SUSE SUSE-SU-2015:1663
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html External Source SUSE SUSE-SU-2016:0224
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html External Source SUSE openSUSE-SU-2016:0226
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html External Source SUSE openSUSE-SU-2016:0255
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html External Source SUSE openSUSE-SU-2016:0261
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html External Source SUSE SUSE-SU-2016:0262
http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html External Source SUSE openSUSE-SU-2015:1209
http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html External Source SUSE openSUSE-SU-2015:1684
http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html External Source SUSE openSUSE-SU-2016:0478
http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html External Source SUSE openSUSE-SU-2016:0483
http://marc.info/?l=bugtraq&m=143506486712441&w=2 External Source HP HPSBMU03356
http://marc.info/?l=bugtraq&m=143557934009303&w=2 External Source HP HPSBGN03351
http://marc.info/?l=bugtraq&m=143558092609708&w=2 External Source HP HPSBGN03362
http://marc.info/?l=bugtraq&m=143628304012255&w=2 External Source HP HPSBGN03361
http://marc.info/?l=bugtraq&m=143637549705650&w=2 External Source HP HPSBUX03363
http://marc.info/?l=bugtraq&m=143655800220052&w=2 External Source HP HPSBGN03373
http://marc.info/?l=bugtraq&m=143880121627664&w=2 External Source HP SSRT102180
http://marc.info/?l=bugtraq&m=144043644216842&w=2 External Source HP HPSBMU03345
http://marc.info/?l=bugtraq&m=144050121701297&w=2 External Source HP HPSBGN03404
http://marc.info/?l=bugtraq&m=144060576831314&w=2 External Source HP HPSBGN03399
http://marc.info/?l=bugtraq&m=144060606031437&w=2 External Source HP HPSBGN03405
http://marc.info/?l=bugtraq&m=144061542602287&w=2 External Source HP HPSBGN03411
http://marc.info/?l=bugtraq&m=144069189622016&w=2 External Source HP HPSBGN03402
http://marc.info/?l=bugtraq&m=144102017024820&w=2 External Source HP HPSBGN03407
http://marc.info/?l=bugtraq&m=144104533800819&w=2 External Source HP HPSBMU03401
http://marc.info/?l=bugtraq&m=144493176821532&w=2 External Source HP SSRT102254
http://marc.info/?l=bugtraq&m=145409266329539&w=2 External Source HP HPSBGN03533
http://openwall.com/lists/oss-security/2015/05/20/8 External Source MLIST [oss-security] 20150520 CVE-2015-4000 - TLS does not properly convey server's ciphersuite choice
http://rhn.redhat.com/errata/RHSA-2015-1072.html External Source REDHAT RHSA-2015:1072
http://rhn.redhat.com/errata/RHSA-2015-1185.html External Source REDHAT RHSA-2015:1185
http://rhn.redhat.com/errata/RHSA-2015-1197.html External Source REDHAT RHSA-2015:1197
http://rhn.redhat.com/errata/RHSA-2015-1228.html External Source REDHAT RHSA-2015:1228
http://rhn.redhat.com/errata/RHSA-2015-1229.html External Source REDHAT RHSA-2015:1229
http://rhn.redhat.com/errata/RHSA-2015-1230.html External Source REDHAT RHSA-2015:1230
http://rhn.redhat.com/errata/RHSA-2015-1241.html External Source REDHAT RHSA-2015:1241
http://rhn.redhat.com/errata/RHSA-2015-1242.html External Source REDHAT RHSA-2015:1242
http://rhn.redhat.com/errata/RHSA-2015-1243.html External Source REDHAT RHSA-2015:1243
http://rhn.redhat.com/errata/RHSA-2015-1485.html External Source REDHAT RHSA-2015:1485
http://rhn.redhat.com/errata/RHSA-2015-1486.html External Source REDHAT RHSA-2015:1486
http://rhn.redhat.com/errata/RHSA-2015-1488.html External Source REDHAT RHSA-2015:1488
http://rhn.redhat.com/errata/RHSA-2015-1526.html External Source REDHAT RHSA-2015:1526
http://rhn.redhat.com/errata/RHSA-2015-1544.html External Source REDHAT RHSA-2015:1544
http://rhn.redhat.com/errata/RHSA-2015-1604.html External Source REDHAT RHSA-2015:1604
http://rhn.redhat.com/errata/RHSA-2016-1624.html External Source REDHAT RHSA-2016:1624
http://rhn.redhat.com/errata/RHSA-2016-2056.html External Source REDHAT RHSA-2016:2056
http://support.apple.com/kb/HT204941 External Source CONFIRM http://support.apple.com/kb/HT204941
http://support.apple.com/kb/HT204942 External Source CONFIRM http://support.apple.com/kb/HT204942
http://support.citrix.com/article/CTX201114 External Source CONFIRM http://support.citrix.com/article/CTX201114
http://www.debian.org/security/2015/dsa-3287 External Source DEBIAN DSA-3287
http://www.debian.org/security/2015/dsa-3300 External Source DEBIAN DSA-3300
http://www.debian.org/security/2015/dsa-3316 External Source DEBIAN DSA-3316
http://www.debian.org/security/2015/dsa-3324 External Source DEBIAN DSA-3324
http://www.debian.org/security/2015/dsa-3339 External Source DEBIAN DSA-3339
http://www.debian.org/security/2016/dsa-3688 External Source DEBIAN DSA-3688
http://www.fortiguard.com/advisory/2015-05-20-logjam-attack External Source CONFIRM http://www.fortiguard.com/advisory/2015-05-20-logjam-attack
http://www.mozilla.org/security/announce/2015/mfsa2015-70.html External Source CONFIRM http://www.mozilla.org/security/announce/2015/mfsa2015-70.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html External Source CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html External Source CONFIRM http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html External Source CONFIRM http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html External Source CONFIRM http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html External Source CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html External Source CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html External Source CONFIRM http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.securityfocus.com/bid/74733 External Source BID 74733
http://www.securityfocus.com/bid/91787 External Source BID 91787
http://www.securitytracker.com/id/1032474 External Source SECTRACK 1032474
http://www.securitytracker.com/id/1032475 External Source SECTRACK 1032475
http://www.securitytracker.com/id/1032476 External Source SECTRACK 1032476
http://www.securitytracker.com/id/1032637 External Source SECTRACK 1032637
http://www.securitytracker.com/id/1032645 External Source SECTRACK 1032645
http://www.securitytracker.com/id/1032647 External Source SECTRACK 1032647
http://www.securitytracker.com/id/1032648 External Source SECTRACK 1032648
http://www.securitytracker.com/id/1032649 External Source SECTRACK 1032649
http://www.securitytracker.com/id/1032650 External Source SECTRACK 1032650
http://www.securitytracker.com/id/1032651 External Source SECTRACK 1032651
http://www.securitytracker.com/id/1032652 External Source SECTRACK 1032652
http://www.securitytracker.com/id/1032653 External Source SECTRACK 1032653
http://www.securitytracker.com/id/1032654 External Source SECTRACK 1032654
http://www.securitytracker.com/id/1032655 External Source SECTRACK 1032655
http://www.securitytracker.com/id/1032656 External Source SECTRACK 1032656
http://www.securitytracker.com/id/1032688 External Source SECTRACK 1032688
http://www.securitytracker.com/id/1032699 External Source SECTRACK 1032699
http://www.securitytracker.com/id/1032702 External Source SECTRACK 1032702
http://www.securitytracker.com/id/1032727 External Source SECTRACK 1032727
http://www.securitytracker.com/id/1032759 External Source SECTRACK 1032759
http://www.securitytracker.com/id/1032777 External Source SECTRACK 1032777
http://www.securitytracker.com/id/1032778 External Source SECTRACK 1032778
http://www.securitytracker.com/id/1032783 External Source SECTRACK 1032783
http://www.securitytracker.com/id/1032784 External Source SECTRACK 1032784
http://www.securitytracker.com/id/1032856 External Source SECTRACK 1032856
http://www.securitytracker.com/id/1032864 External Source SECTRACK 1032864
http://www.securitytracker.com/id/1032865 External Source SECTRACK 1032865
http://www.securitytracker.com/id/1032871 External Source SECTRACK 1032871
http://www.securitytracker.com/id/1032884 External Source SECTRACK 1032884
http://www.securitytracker.com/id/1032910 External Source SECTRACK 1032910
http://www.securitytracker.com/id/1032932 External Source SECTRACK 1032932
http://www.securitytracker.com/id/1032960 External Source SECTRACK 1032960
http://www.securitytracker.com/id/1033019 External Source SECTRACK 1033019
http://www.securitytracker.com/id/1033064 External Source SECTRACK 1033064
http://www.securitytracker.com/id/1033065 External Source SECTRACK 1033065
http://www.securitytracker.com/id/1033067 External Source SECTRACK 1033067
http://www.securitytracker.com/id/1033208 External Source SECTRACK 1033208
http://www.securitytracker.com/id/1033209 External Source SECTRACK 1033209
http://www.securitytracker.com/id/1033210 External Source SECTRACK 1033210
http://www.securitytracker.com/id/1033222 External Source SECTRACK 1033222
http://www.securitytracker.com/id/1033341 External Source SECTRACK 1033341
http://www.securitytracker.com/id/1033385 External Source SECTRACK 1033385
http://www.securitytracker.com/id/1033416 External Source SECTRACK 1033416
http://www.securitytracker.com/id/1033430 External Source SECTRACK 1033430
http://www.securitytracker.com/id/1033433 External Source SECTRACK 1033433
http://www.securitytracker.com/id/1033513 External Source SECTRACK 1033513
http://www.securitytracker.com/id/1033760 External Source SECTRACK 1033760
http://www.securitytracker.com/id/1033891 External Source SECTRACK 1033891
http://www.securitytracker.com/id/1033991 External Source SECTRACK 1033991
http://www.securitytracker.com/id/1034087 External Source SECTRACK 1034087
http://www.securitytracker.com/id/1034728 External Source SECTRACK 1034728
http://www.securitytracker.com/id/1034884 External Source SECTRACK 1034884
http://www.securitytracker.com/id/1036218 External Source SECTRACK 1036218
http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm External Source CONFIRM http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm
http://www.ubuntu.com/usn/USN-2656-1 External Source UBUNTU USN-2656-1
http://www.ubuntu.com/usn/USN-2656-2 External Source UBUNTU USN-2656-2
http://www.ubuntu.com/usn/USN-2673-1 External Source UBUNTU USN-2673-1
http://www.ubuntu.com/usn/USN-2696-1 External Source UBUNTU USN-2696-1
http://www.ubuntu.com/usn/USN-2706-1 External Source UBUNTU USN-2706-1
http://www-01.ibm.com/support/docview.wss?uid=swg21959111 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21959111
http://www-01.ibm.com/support/docview.wss?uid=swg21959195 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21959195
http://www-01.ibm.com/support/docview.wss?uid=swg21959325 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21959325
http://www-01.ibm.com/support/docview.wss?uid=swg21959453 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21959453
http://www-01.ibm.com/support/docview.wss?uid=swg21959481 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21959481
http://www-01.ibm.com/support/docview.wss?uid=swg21959517 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21959517
http://www-01.ibm.com/support/docview.wss?uid=swg21959530 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21959530
http://www-01.ibm.com/support/docview.wss?uid=swg21959539 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21959539
http://www-01.ibm.com/support/docview.wss?uid=swg21959636 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21959636
http://www-01.ibm.com/support/docview.wss?uid=swg21959812 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21959812
http://www-01.ibm.com/support/docview.wss?uid=swg21960191 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21960191
http://www-01.ibm.com/support/docview.wss?uid=swg21961717 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21961717
http://www-01.ibm.com/support/docview.wss?uid=swg21962455 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21962455
http://www-01.ibm.com/support/docview.wss?uid=swg21962739 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21962739
http://www-304.ibm.com/support/docview.wss?uid=swg21958984 External Source CONFIRM http://www-304.ibm.com/support/docview.wss?uid=swg21958984
http://www-304.ibm.com/support/docview.wss?uid=swg21959132 External Source CONFIRM http://www-304.ibm.com/support/docview.wss?uid=swg21959132
http://www-304.ibm.com/support/docview.wss?uid=swg21960041 External Source CONFIRM http://www-304.ibm.com/support/docview.wss?uid=swg21960041
http://www-304.ibm.com/support/docview.wss?uid=swg21960194 External Source CONFIRM http://www-304.ibm.com/support/docview.wss?uid=swg21960194
http://www-304.ibm.com/support/docview.wss?uid=swg21960380 External Source CONFIRM http://www-304.ibm.com/support/docview.wss?uid=swg21960380
http://www-304.ibm.com/support/docview.wss?uid=swg21960418 External Source CONFIRM http://www-304.ibm.com/support/docview.wss?uid=swg21960418
http://www-304.ibm.com/support/docview.wss?uid=swg21962816 External Source CONFIRM http://www-304.ibm.com/support/docview.wss?uid=swg21962816
http://www-304.ibm.com/support/docview.wss?uid=swg21967893 External Source CONFIRM http://www-304.ibm.com/support/docview.wss?uid=swg21967893
https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/ External Source MISC https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/
https://bto.bluecoat.com/security-advisory/sa98 External Source CONFIRM https://bto.bluecoat.com/security-advisory/sa98
https://bugzilla.mozilla.org/show_bug.cgi?id=1138554 External Source CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=1138554
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes External Source CONFIRM https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196 External Source HP SSRT102112
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140 External Source CONFIRM https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190 External Source CONFIRM https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119 External Source CONFIRM https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241 External Source CONFIRM https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246 External Source CONFIRM https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839 External Source CONFIRM https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929 External Source CONFIRM https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789 External Source CONFIRM https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527 External Source CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655 External Source CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763 External Source CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722 External Source CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083 External Source CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083
https://kc.mcafee.com/corporate/index?page=content&id=SB10122 External Source CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10122
https://openssl.org/news/secadv/20150611.txt External Source CONFIRM https://openssl.org/news/secadv/20150611.txt
https://puppet.com/security/cve/CVE-2015-4000 External Source CONFIRM https://puppet.com/security/cve/CVE-2015-4000
https://security.gentoo.org/glsa/201506-02 External Source GENTOO GLSA-201506-02
https://security.gentoo.org/glsa/201512-10 External Source GENTOO GLSA-201512-10
https://security.gentoo.org/glsa/201603-11 External Source GENTOO GLSA-201603-11
https://security.gentoo.org/glsa/201701-46 External Source GENTOO GLSA-201701-46
https://security.netapp.com/advisory/ntap-20150619-0001/ External Source CONFIRM https://security.netapp.com/advisory/ntap-20150619-0001/
https://support.citrix.com/article/CTX216642 External Source CONFIRM https://support.citrix.com/article/CTX216642
https://weakdh.org/ External Source MISC https://weakdh.org/
https://weakdh.org/imperfect-forward-secrecy.pdf Vendor Advisory External Source MISC https://weakdh.org/imperfect-forward-secrecy.pdf
https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/ External Source CONFIRM https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
https://www.openssl.org/news/secadv_20150611.txt Vendor Advisory External Source CONFIRM https://www.openssl.org/news/secadv_20150611.txt
https://www.suse.com/security/cve/CVE-2015-4000.html External Source CONFIRM https://www.suse.com/security/cve/CVE-2015-4000.html
https://www-304.ibm.com/support/docview.wss?uid=swg21959745 External Source CONFIRM https://www-304.ibm.com/support/docview.wss?uid=swg21959745
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403 External Source CONFIRM https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403

Technical Details

Vulnerability Type (View All)

Vulnerable software and versions Switch to CPE 2.2

Configuration 1
OR
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*    versions up to (including) 1.0.1m
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*    versions up to (including) 1.0.2a
Configuration 2
OR
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
Configuration 3
AND
OR
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*    versions up to (including) 1.0.1m
OR
cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*
Configuration 4
OR
cpe:2.3:a:ibm:content_manager:8.5:*:*:*:*:enterprise:*:*
Configuration 5
OR
cpe:2.3:a:oracle:jrockit:r28.3.6:*:*:*:*:*:*:*
Configuration 6
OR
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Configuration 7
OR
cpe:2.3:a:oracle:jdk:1.6.0:update_95:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update_75:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update_80:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update_33:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update_45:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update_95:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update_75:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update_80:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update_33:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update_45:*:*:*:*:*:*
Configuration 8
OR
cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11.0:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
Configuration 9
OR
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*    versions up to (including) 8.3
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*    versions up to (including) 10.10.3
Configuration 10
OR
cpe:2.3:a:mozilla:network_security_services:3.19:*:*:*:*:*:*:*
Configuration 11
OR
cpe:2.3:a:oracle:sparc-opl_service_processor:*:*:*:*:*:*:*:*    versions up to (including) 1121
Configuration 12
OR
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*
Configuration 13
OR
cpe:2.3:a:mozilla:firefox:39.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.35:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:31.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:38.1:*:*:*:*:*:*:*
cpe:2.3:o:mozilla:firefox_os:2.2:*:*:*:*:*:*:*

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History 47 change records found - show changes