4.3

CVE-2015-0204

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue.  NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version <= 0.9.8zc
OpenSSLOpenSSL Version1.0.0a
OpenSSLOpenSSL Version1.0.0b
OpenSSLOpenSSL Version1.0.0c
OpenSSLOpenSSL Version1.0.0d
OpenSSLOpenSSL Version1.0.0e
OpenSSLOpenSSL Version1.0.0f
OpenSSLOpenSSL Version1.0.0g
OpenSSLOpenSSL Version1.0.0h
OpenSSLOpenSSL Version1.0.0i
OpenSSLOpenSSL Version1.0.0j
OpenSSLOpenSSL Version1.0.0k
OpenSSLOpenSSL Version1.0.0l
OpenSSLOpenSSL Version1.0.0m
OpenSSLOpenSSL Version1.0.0n
OpenSSLOpenSSL Version1.0.0o
OpenSSLOpenSSL Version1.0.1a
OpenSSLOpenSSL Version1.0.1b
OpenSSLOpenSSL Version1.0.1c
OpenSSLOpenSSL Version1.0.1d
OpenSSLOpenSSL Version1.0.1e
OpenSSLOpenSSL Version1.0.1f
OpenSSLOpenSSL Version1.0.1g
OpenSSLOpenSSL Version1.0.1h
OpenSSLOpenSSL Version1.0.1i
OpenSSLOpenSSL Version1.0.1j
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 98.69% 0.999
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
https://support.citrix.com/article/CTX216642
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
https://support.apple.com/HT204659
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://marc.info/?l=bugtraq&m=143748090628601&w=2
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html
http://marc.info/?l=bugtraq&m=142496179803395&w=2
http://marc.info/?l=bugtraq&m=142496289803847&w=2
http://marc.info/?l=bugtraq&m=142721102728110&w=2
http://marc.info/?l=bugtraq&m=142895206924048&w=2
http://marc.info/?l=bugtraq&m=144050205101530&w=2
http://marc.info/?l=bugtraq&m=144050254401665&w=2
http://marc.info/?l=bugtraq&m=144050297101809&w=2
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl
http://www.debian.org/security/2015/dsa-3125
http://www.mandriva.com/security/advisories?name=MDVSA-2015:019
http://www.securitytracker.com/id/1033378
https://bto.bluecoat.com/security-advisory/sa88
https://kc.mcafee.com/corporate/index?page=content&id=SB10102
https://kc.mcafee.com/corporate/index?page=content&id=SB10108
https://www.openssl.org/news/secadv_20150108.txt
Vendor Advisory
http://marc.info/?l=bugtraq&m=142720981827617&w=2
http://rhn.redhat.com/errata/RHSA-2015-0066.html
http://rhn.redhat.com/errata/RHSA-2015-0849.html
http://rhn.redhat.com/errata/RHSA-2016-1650.html
http://rhn.redhat.com/errata/RHSA-2015-0800.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html
http://marc.info/?l=bugtraq&m=143213830203296&w=2
http://marc.info/?l=bugtraq&m=144043644216842&w=2
http://support.novell.com/security/cve/CVE-2015-0204.html
http://www-01.ibm.com/support/docview.wss?uid=swg21883640
http://www-304.ibm.com/support/docview.wss?uid=swg21960769
http://www.mandriva.com/security/advisories?name=MDVSA-2015:063
http://www.securityfocus.com/bid/71936
http://www.securityfocus.com/bid/91787
https://bto.bluecoat.com/security-advisory/sa91
https://exchange.xforce.ibmcloud.com/vulnerabilities/99707
https://freakattack.com/
Vendor Advisory
https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241
https://kc.mcafee.com/corporate/index?page=content&id=SB10110
https://security.gentoo.org/glsa/201503-11
https://www.openssl.org/news/secadv_20150319.txt