CVE-2015-4000

Опубликовано: 21 мая 2015

Источник: nvd

CVSS3: 3.7

CVSS2: 4.3

EPSS Критический

Описание

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

Ссылки

http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc
Third Party Advisory
http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery
Third Party Advisory
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
Mailing List
Third Party Advisory
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402
Third Party Advisory
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778
Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681
Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727
Third Party Advisory
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
Mailing List
Third Party Advisory
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
Mailing List
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html
Mailing List
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html
Mailing List
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

Версия от 1.0.1 (включая) до 1.0.1m (включая)

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

Версия от 1.0.2 (включая) до 1.0.2a (включая)

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

Версия до 1.0.1m (включая)

cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*

Конфигурация 4

cpe:2.3:a:ibm:content_manager:8.5:*:*:*:*:enterprise:*:*

Конфигурация 5

cpe:2.3:a:oracle:jrockit:r28.3.6:*:*:*:*:*:*:*

Конфигурация 6

Одно из

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Конфигурация 7

Одно из

cpe:2.3:a:oracle:jdk:1.6.0:update95:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update75:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update80:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:update_33:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:update45:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_95:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update_75:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update_80:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update_33:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update_45:*:*:*:*:*:*

Конфигурация 8

Одно из

cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11.0:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*

Конфигурация 9

Одно из

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия до 8.3 (включая)

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Версия до 10.10.3 (включая)

Конфигурация 10

cpe:2.3:a:mozilla:network_security_services:3.19:*:*:*:*:*:*:*

Конфигурация 11

cpe:2.3:a:oracle:sparc-opl_service_processor:*:*:*:*:*:*:*:*

Версия до 1121 (включая)

Конфигурация 12

Одно из

cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*

Конфигурация 13

Одно из

cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:39.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:31.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.35:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:31.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:38.1:*:*:*:*:*:*:*

cpe:2.3:o:mozilla:firefox_os:2.2:*:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.94027

Критический

3.7 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-310

Связанные уязвимости

CVE-2015-4000

CVSS3: 3.7

ubuntu

около 10 лет назад

CVE-2015-4000

CVSS3: 3.7

redhat

около 10 лет назад

CVE-2015-4000

CVSS3: 3.7

debian

около 10 лет назад

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is ena ...

openSUSE-SU-2016:2267-1

suse-cvrf

почти 9 лет назад

Security update for libtcnative-1-0

openSUSE-SU-2016:0478-1

suse-cvrf

больше 9 лет назад

Security update for socat

EPSS

Процентиль: 100%

0.94027

Критический

3.7 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-310