CVE-2015-4000 — LOW (3.7) — White Hats Nepal

Q: How severe is CVE-2015-4000?

CVE-2015-4000 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-4000?

Check the references section above for vendor advisories and patch information. Affected products include: Openssl Openssl, Canonical Ubuntu Linux, Hp Hp-Ux, Ibm Content Manager, Oracle Jrockit.

Vulnerability Description

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

CVSS Score

3.7

LOW

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Openssl	Openssl	>= 1.0.1, <= 1.0.1m
Canonical	Ubuntu Linux	12.04
Hp	Hp-Ux	b.11.31
Ibm	Content Manager	8.5
Oracle	Jrockit	r28.3.6
Debian	Debian Linux	7.0
Oracle	Jdk	1.6.0
Oracle	Jre	1.6.0
Suse	Linux Enterprise Desktop	12
Suse	Linux Enterprise Server	11.0
Suse	Linux Enterprise Software Development Kit	12
Suse	Suse Linux Enterprise Server	12
Apple	Iphone Os	<= 8.3
Apple	Mac Os X	<= 10.10.3
Mozilla	Network Security Services	3.19
Oracle	Sparc-Opl Service Processor	<= 1121
Apple	Safari	-
Google	Chrome	-
Microsoft	Internet Explorer	-
Mozilla	Firefox	-

Related Weaknesses (CWE)

CWE-310

References

http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.ascThird Party Advisory
http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chaiThird Party Advisory
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.ascMailing ListThird Party Advisory
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402Third Party Advisory
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727Third Party Advisory
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.htmlMailing ListThird Party Advisory
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.htmlMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.htmlMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.htmlMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.htmlMailing ListThird Party Advisory

FAQ

What is CVE-2015-4000?

CVE-2015-4000 is a vulnerability with a CVSS score of 3.7 (LOW). The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to co...

How severe is CVE-2015-4000?

CVE-2015-4000 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-4000?

Check the references section above for vendor advisories and patch information. Affected products include: Openssl Openssl, Canonical Ubuntu Linux, Hp Hp-Ux, Ibm Content Manager, Oracle Jrockit.