4.3
CVE-2015-4000
- EPSS 94.03%
- Published 21.05.2015 00:59:00
- Last modified 12.04.2025 10:46:40
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
Data is provided by the National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux Version12.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version14.10
Canonical ≫ Ubuntu Linux Version15.04
Ibm ≫ Content Manager Version8.5 SwPlatformenterprise
Debian ≫ Debian Linux Version7.0
Debian ≫ Debian Linux Version8.0
Suse ≫ Linux Enterprise Desktop Version12
Suse ≫ Linux Enterprise Server Version11.0 Updatesp4
Suse ≫ Linux Enterprise Software Development Kit Version12
Suse ≫ Suse Linux Enterprise Server Version12
Mozilla ≫ Network Security Services Version3.19
Oracle ≫ Sparc-opl Service Processor Version <= 1121
Microsoft ≫ Internet Explorer Version-
Opera ≫ Opera Browser Version-
Mozilla ≫ Firefox ESR Version31.8
Mozilla ≫ Thunderbird Version31.8
Mozilla ≫ Thunderbird Version38.1
Mozilla ≫ Firefox Os Version2.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 94.03% | 0.999 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 3.7 | 2.2 | 1.4 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|