4.3

CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version >= 1.0.1 <= 1.0.1m
OpenSSLOpenSSL Version >= 1.0.2 <= 1.0.2a
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version14.10
CanonicalUbuntu Linux Version15.04
OpenSSLOpenSSL Version <= 1.0.1m
HpHp-ux Versionb.11.31
IbmContent Manager Version8.5 SwPlatformenterprise
OracleJrockit Versionr28.3.6
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
OracleJdk Version1.6.0 Updateupdate95
OracleJdk Version1.7.0 Updateupdate75
OracleJdk Version1.7.0 Updateupdate80
OracleJdk Version1.8.0 Updateupdate_33
OracleJdk Version1.8.0 Updateupdate45
OracleJre Version1.6.0 Updateupdate_95
OracleJre Version1.7.0 Updateupdate_75
OracleJre Version1.7.0 Updateupdate_80
OracleJre Version1.8.0 Updateupdate_33
OracleJre Version1.8.0 Updateupdate_45
SuseLinux Enterprise Server Version11.0 Updatesp4
AppleiPhone OS Version <= 8.3
ApplemacOS X Version <= 10.10.3
OracleSparc-opl Service Processor Version <= 1121
AppleSafari Version-
GoogleChrome Version-
MozillaFirefox Version-
OperaOpera Browser Version-
MozillaFirefox Version38.1.0
MozillaFirefox Version39.0
MozillaFirefox ESR Version31.8
MozillaSeamonkey Version2.35
MozillaThunderbird Version31.8
MozillaThunderbird Version38.1
MozillaFirefox Os Version2.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 99.86% 1
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.7 2.2 1.4
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 3.7 2.2 1.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
Patch
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
Third Party Advisory
Mailing List
https://www.oracle.com/security-alerts/cpujan2021.html
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Patch
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
Third Party Advisory
https://support.citrix.com/article/CTX216642
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
Third Party Advisory
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
Third Party Advisory
Mailing List
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
Third Party Advisory
Mailing List
http://support.apple.com/kb/HT204941
Third Party Advisory
http://support.apple.com/kb/HT204942
Third Party Advisory
http://marc.info/?l=bugtraq&m=144493176821532&w=2
Third Party Advisory
Mailing List
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=144043644216842&w=2
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/91787
Third Party Advisory
VDB Entry
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241
Third Party Advisory
https://security.gentoo.org/glsa/201603-11
Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=144060576831314&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=144060606031437&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=144069189622016&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=144102017024820&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=144104533800819&w=2
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2015-1228.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1229.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1230.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1241.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1242.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1243.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1526.html
Third Party Advisory
http://www.debian.org/security/2015/dsa-3316
Third Party Advisory
http://www.debian.org/security/2015/dsa-3339
Third Party Advisory
http://www.securitytracker.com/id/1032910
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2696-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2706-1
Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140
Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190
Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119
Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789
Third Party Advisory
https://security.gentoo.org/glsa/201512-10
Third Party Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21960194
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
Third Party Advisory
http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc
Third Party Advisory
http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery
Third Party Advisory
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
Third Party Advisory
Mailing List
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402
Third Party Advisory
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778
Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=143506486712441&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=143557934009303&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=143558092609708&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=143628304012255&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=143637549705650&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=143655800220052&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=143880121627664&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=144050121701297&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=144061542602287&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=145409266329539&w=2
Third Party Advisory
Mailing List
http://openwall.com/lists/oss-security/2015/05/20/8
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2015-1072.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1185.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1197.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1485.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1486.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1488.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1544.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1604.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1624.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2056.html
Third Party Advisory
http://support.citrix.com/article/CTX201114
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959111
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959195
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959325
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959453
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959481
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959517
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959530
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959539
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959636
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959812
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21960191
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21961717
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21962455
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21962739
Third Party Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21958984
Third Party Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21959132
Third Party Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21960041
Third Party Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21960380
Third Party Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21960418
Third Party Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21962816
Third Party Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21967893
Third Party Advisory
http://www.debian.org/security/2015/dsa-3287
Third Party Advisory
http://www.debian.org/security/2015/dsa-3300
Third Party Advisory
http://www.debian.org/security/2015/dsa-3324
Third Party Advisory
http://www.debian.org/security/2016/dsa-3688
Third Party Advisory
http://www.fortiguard.com/advisory/2015-05-20-logjam-attack
Third Party Advisory
http://www.mozilla.org/security/announce/2015/mfsa2015-70.html
Third Party Advisory
http://www.securityfocus.com/bid/74733
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032474
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032475
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032476
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032637
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032645
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032647
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032648
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032649
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032650
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032651
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032652
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032653
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032654
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032655
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032656
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032688
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032699
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032702
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032727
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032759
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032777
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032778
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032783
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032784
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032856
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032864
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032865
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032871
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032884
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032932
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032960
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1033019
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1033064
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1033065
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1033067
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1033208
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1033209
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1033210
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1033222
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1033341
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1033385
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1033416
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1033430
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1033433
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1033513
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1033760
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1033891
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1033991
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1034087
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1034728
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1034884
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036218
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040630
Third Party Advisory
VDB Entry
http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm
Third Party Advisory
http://www.ubuntu.com/usn/USN-2656-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2656-2
Third Party Advisory
http://www.ubuntu.com/usn/USN-2673-1
Third Party Advisory
https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/
Third Party Advisory
https://bto.bluecoat.com/security-advisory/sa98
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1138554
Third Party Advisory
Issue Tracking
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes
Third Party Advisory
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196
Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839
Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083
Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10122
Third Party Advisory
https://openssl.org/news/secadv/20150611.txt
Vendor Advisory
https://puppet.com/security/cve/CVE-2015-4000
Third Party Advisory
https://security.gentoo.org/glsa/201506-02
Third Party Advisory
https://security.gentoo.org/glsa/201701-46
Third Party Advisory
https://security.netapp.com/advisory/ntap-20150619-0001/
Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us
Third Party Advisory
https://weakdh.org/
Third Party Advisory
https://weakdh.org/imperfect-forward-secrecy.pdf
Third Party Advisory
https://www-304.ibm.com/support/docview.wss?uid=swg21959745
Third Party Advisory
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403
Third Party Advisory
https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
Vendor Advisory
https://www.openssl.org/news/secadv_20150611.txt
Vendor Advisory
https://www.suse.com/security/cve/CVE-2015-4000.html
Third Party Advisory