CVE-2015-4000

Type: Cryptographic Issues
Severity: Medium
Publication date: 05/20/2015
Last modified: 07/23/2021
Description
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
Impact
Access Vector: Through network
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Partial impact on system integrity + No impact on system confidentiality + No impact on system availability
Vulnerable software and versions
  • cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:11.0:sp4:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*
  • cpe:2.3:o:mozilla:firefox_os:2.2:*:*:*:*:*:*:*
  • cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:sparc-opl_service_processor:*:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jrockit:r28.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.8.0:update_45:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.8.0:update_33:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update_80:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update_75:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update_95:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.8.0:update_33:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.8.0:update45:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update_80:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update75:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update_95:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:38.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:31.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:2.35:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.19:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox_esr:31.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:39.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:content_manager:8.5:*:*:*:*:enterprise:*:*
  • cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
To consult the complete list of products and versions see this page
References to Advisories, Solutions, and Tools