CVE-2015-4000
LOWCVSS 3.7/10EPSS 99.86%
Last modified
CVE-2015-4000 is a low-severity vulnerability rated 3.7/10 on the CVSS scale. The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.. EPSS estimates a 99.86% chance of exploitation in the next 30 days.
Description
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Openssl | Openssl | >= 1.0.1, <= 1.0.1m | — |
| Openssl | Openssl | >= 1.0.2, <= 1.0.2a | — |
| Canonical | Ubuntu Linux | 12.04 | — |
| Canonical | Ubuntu Linux | 14.04 | — |
| Canonical | Ubuntu Linux | 14.10 | — |
| Canonical | Ubuntu Linux | 15.04 | — |
| Openssl | Openssl | <= 1.0.1m | — |
| Hp | Hp-Ux | b.11.31 | — |
| Ibm | Content Manager | 8.5 | — |
| Oracle | Jrockit | r28.3.6 | — |
| Debian | Debian Linux | 7.0 | — |
| Debian | Debian Linux | 8.0 | — |
| Oracle | Jdk | 1.6.0 | Update95 |
| Oracle | Jdk | 1.7.0 | Update75 |
| Oracle | Jdk | 1.8.0 | Update 33 |
| Oracle | Jre | 1.6.0 | Update 95 |
| Oracle | Jre | 1.7.0 | Update 75 |
| Oracle | Jre | 1.8.0 | Update 33 |
| Suse | Linux Enterprise Desktop | 12 | — |
| Suse | Linux Enterprise Server | 11.0 | Sp4 |
| Suse | Linux Enterprise Software Development Kit | 12 | — |
| Suse | Suse Linux Enterprise Server | 12 | — |
| Apple | Iphone Os | <= 8.3 | — |
| Apple | Mac Os X | <= 10.10.3 | — |
| Mozilla | Network Security Services | 3.19 | — |
| Oracle | Sparc-Opl Service Processor | <= 1121 | — |
| Apple | Safari | All versions | — |
| Chrome | All versions | — | |
| Microsoft | Internet Explorer | All versions | — |
| Mozilla | Firefox | All versions | — |
| Opera | Opera Browser | All versions | — |
| Mozilla | Firefox | 38.1.0 | — |
| Mozilla | Firefox | 39.0 | — |
| Mozilla | Firefox Esr | 31.8 | — |
| Mozilla | Seamonkey | 2.35 | — |
| Mozilla | Thunderbird | 31.8 | — |
| Mozilla | Thunderbird | 38.1 | — |
| Mozilla | Firefox Os | 2.2 | — |
References
- http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.ascThird Party Advisory
- http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.ascMailing List, Third Party Advisory
- http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402Third Party Advisory
- http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778Third Party Advisory
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681Third Party Advisory
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727Third Party Advisory
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.htmlMailing List, Third Party Advisory
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.htmlMailing List, Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.htmlMailing List, Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.htmlMailing List, Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.htmlMailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=143506486712441&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=143557934009303&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=143558092609708&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=143628304012255&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=143637549705650&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=143655800220052&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=143880121627664&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=144043644216842&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=144050121701297&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=144060576831314&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=144060606031437&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=144061542602287&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=144069189622016&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=144102017024820&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=144104533800819&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=144493176821532&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=145409266329539&w=2Mailing List, Third Party Advisory
- http://openwall.com/lists/oss-security/2015/05/20/8Mailing List, Third Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1072.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1185.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1197.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1228.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1229.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1230.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1241.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1242.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1243.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1485.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1486.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1488.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1526.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1544.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1604.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2016-1624.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2016-2056.htmlThird Party Advisory
- http://support.apple.com/kb/HT204941Third Party Advisory
- http://support.apple.com/kb/HT204942Third Party Advisory
- http://support.citrix.com/article/CTX201114Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21959111Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21959195Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21959325Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21959453Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21959481Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21959517Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21959530Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21959539Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21959636Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21959812Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21960191Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21961717Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21962455Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21962739Third Party Advisory
- http://www-304.ibm.com/support/docview.wss?uid=swg21958984Third Party Advisory
- http://www-304.ibm.com/support/docview.wss?uid=swg21959132Third Party Advisory
- http://www-304.ibm.com/support/docview.wss?uid=swg21960041Third Party Advisory
- http://www-304.ibm.com/support/docview.wss?uid=swg21960194Third Party Advisory
- http://www-304.ibm.com/support/docview.wss?uid=swg21960380Third Party Advisory
- http://www-304.ibm.com/support/docview.wss?uid=swg21960418Third Party Advisory
- http://www-304.ibm.com/support/docview.wss?uid=swg21962816Third Party Advisory
- http://www-304.ibm.com/support/docview.wss?uid=swg21967893Third Party Advisory
- http://www.debian.org/security/2015/dsa-3287Third Party Advisory
- http://www.debian.org/security/2015/dsa-3300Third Party Advisory
- http://www.debian.org/security/2015/dsa-3316Third Party Advisory
- http://www.debian.org/security/2015/dsa-3324Third Party Advisory
- http://www.debian.org/security/2015/dsa-3339Third Party Advisory
- http://www.debian.org/security/2016/dsa-3688Third Party Advisory
- http://www.fortiguard.com/advisory/2015-05-20-logjam-attackThird Party Advisory
- http://www.mozilla.org/security/announce/2015/mfsa2015-70.htmlThird Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.htmlPatch, Third Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlPatch, Third Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlThird Party Advisory
- http://www.securityfocus.com/bid/74733Third Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/91787Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032474Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032475Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032476Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032637Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032645Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032647Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032648Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032649Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032650Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032651Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032652Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032653Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032654Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032655Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032656Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032688Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032699Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032702Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032727Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032759Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032777Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032778Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032783Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032784Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032856Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032864Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032865Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032871Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032884Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032910Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032932Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032960Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033019Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033064Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033065Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033067Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033208Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033209Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033210Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033222Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033341Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033385Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033416Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033430Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033433Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033513Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033760Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033891Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033991Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1034087Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1034728Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1034884Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1036218Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1040630Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-2656-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2656-2Third Party Advisory
- http://www.ubuntu.com/usn/USN-2673-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2696-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2706-1Third Party Advisory
- https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/Third Party Advisory
- https://bto.bluecoat.com/security-advisory/sa98Third Party Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1138554Issue Tracking, Third Party Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfThird Party Advisory
- https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196Third Party Advisory
- https://kc.mcafee.com/corporate/index?page=content&id=SB10122Third Party Advisory
- https://openssl.org/news/secadv/20150611.txtVendor Advisory
- https://puppet.com/security/cve/CVE-2015-4000Third Party Advisory
- https://security.gentoo.org/glsa/201506-02Third Party Advisory
- https://security.gentoo.org/glsa/201512-10Third Party Advisory
- https://security.gentoo.org/glsa/201603-11Third Party Advisory
- https://security.gentoo.org/glsa/201701-46Third Party Advisory
- https://security.netapp.com/advisory/ntap-20150619-0001/Third Party Advisory
- https://support.citrix.com/article/CTX216642Third Party Advisory
- https://weakdh.org/Third Party Advisory
- https://weakdh.org/imperfect-forward-secrecy.pdfThird Party Advisory
- https://www-304.ibm.com/support/docview.wss?uid=swg21959745Third Party Advisory
- https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403Third Party Advisory
- https://www.openssl.org/news/secadv_20150611.txtVendor Advisory
- https://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
- https://www.suse.com/security/cve/CVE-2015-4000.htmlThird Party Advisory
- http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.ascThird Party Advisory
- http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.ascMailing List, Third Party Advisory
- http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402Third Party Advisory
- http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778Third Party Advisory
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681Third Party Advisory
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727Third Party Advisory
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.htmlMailing List, Third Party Advisory
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.htmlMailing List, Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.htmlMailing List, Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.htmlMailing List, Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.htmlMailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=143506486712441&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=143557934009303&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=143558092609708&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=143628304012255&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=143637549705650&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=143655800220052&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=143880121627664&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=144043644216842&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=144050121701297&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=144060576831314&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=144060606031437&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=144061542602287&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=144069189622016&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=144102017024820&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=144104533800819&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=144493176821532&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=145409266329539&w=2Mailing List, Third Party Advisory
- http://openwall.com/lists/oss-security/2015/05/20/8Mailing List, Third Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1072.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1185.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1197.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1228.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1229.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1230.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1241.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1242.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1243.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1485.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1486.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1488.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1526.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1544.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1604.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2016-1624.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2016-2056.htmlThird Party Advisory
- http://support.apple.com/kb/HT204941Third Party Advisory
- http://support.apple.com/kb/HT204942Third Party Advisory
- http://support.citrix.com/article/CTX201114Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21959111Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21959195Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21959325Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21959453Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21959481Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21959517Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21959530Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21959539Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21959636Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21959812Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21960191Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21961717Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21962455Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21962739Third Party Advisory
- http://www-304.ibm.com/support/docview.wss?uid=swg21958984Third Party Advisory
- http://www-304.ibm.com/support/docview.wss?uid=swg21959132Third Party Advisory
- http://www-304.ibm.com/support/docview.wss?uid=swg21960041Third Party Advisory
- http://www-304.ibm.com/support/docview.wss?uid=swg21960194Third Party Advisory
- http://www-304.ibm.com/support/docview.wss?uid=swg21960380Third Party Advisory
- http://www-304.ibm.com/support/docview.wss?uid=swg21960418Third Party Advisory
- http://www-304.ibm.com/support/docview.wss?uid=swg21962816Third Party Advisory
- http://www-304.ibm.com/support/docview.wss?uid=swg21967893Third Party Advisory
- http://www.debian.org/security/2015/dsa-3287Third Party Advisory
- http://www.debian.org/security/2015/dsa-3300Third Party Advisory
- http://www.debian.org/security/2015/dsa-3316Third Party Advisory
- http://www.debian.org/security/2015/dsa-3324Third Party Advisory
- http://www.debian.org/security/2015/dsa-3339Third Party Advisory
- http://www.debian.org/security/2016/dsa-3688Third Party Advisory
- http://www.fortiguard.com/advisory/2015-05-20-logjam-attackThird Party Advisory
- http://www.mozilla.org/security/announce/2015/mfsa2015-70.htmlThird Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.htmlPatch, Third Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlPatch, Third Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlThird Party Advisory
- http://www.securityfocus.com/bid/74733Third Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/91787Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032474Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032475Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032476Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032637Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032645Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032647Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032648Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032649Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032650Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032651Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032652Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032653Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032654Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032655Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032656Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032688Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032699Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032702Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032727Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032759Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032777Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032778Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032783Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032784Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032856Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032864Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032865Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032871Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032884Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032910Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032932Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032960Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033019Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033064Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033065Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033067Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033208Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033209Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033210Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033222Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033341Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033385Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033416Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033430Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033433Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033513Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033760Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033891Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033991Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1034087Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1034728Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1034884Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1036218Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1040630Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-2656-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2656-2Third Party Advisory
- http://www.ubuntu.com/usn/USN-2673-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2696-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2706-1Third Party Advisory
- https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/Third Party Advisory
- https://bto.bluecoat.com/security-advisory/sa98Third Party Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1138554Issue Tracking, Third Party Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfThird Party Advisory
- https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196Third Party Advisory
- https://kc.mcafee.com/corporate/index?page=content&id=SB10122Third Party Advisory
- https://openssl.org/news/secadv/20150611.txtVendor Advisory
- https://puppet.com/security/cve/CVE-2015-4000Third Party Advisory
- https://security.gentoo.org/glsa/201506-02Third Party Advisory
- https://security.gentoo.org/glsa/201512-10Third Party Advisory
- https://security.gentoo.org/glsa/201603-11Third Party Advisory
- https://security.gentoo.org/glsa/201701-46Third Party Advisory
- https://security.netapp.com/advisory/ntap-20150619-0001/Third Party Advisory
- https://support.citrix.com/article/CTX216642Third Party Advisory
- https://weakdh.org/Third Party Advisory
- https://weakdh.org/imperfect-forward-secrecy.pdfThird Party Advisory
- https://www-304.ibm.com/support/docview.wss?uid=swg21959745Third Party Advisory
- https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403Third Party Advisory
- https://www.openssl.org/news/secadv_20150611.txtVendor Advisory
- https://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
- https://www.suse.com/security/cve/CVE-2015-4000.htmlThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-4000?
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
How severe is CVE-2015-4000?
CVE-2015-4000 has a CVSS score of 3.7/10 (LOW severity). The EPSS model estimates a 99.86% probability of exploitation in the next 30 days.
How do I fix CVE-2015-4000?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2015-4000?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST