CVE-2015-0204
published 2015-01-09


Priority: P3
CVSS 2.0: 4.3 (medium), vector AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 98.69% (99.9th percentile)
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.

Affected

188 ranges, showing 25

Vendor   Product                                               Version range                     Fixed in
apple    iphone_os                                             <= 8.1.3
apple    mac_os_x                                              <= 10.10.2
apple    os_x_yosemite_v10.10.3_and_security_update_2015-004
apple    tvos                                                  <= 7.0.3
cisco    products
debian   mono                                                  < mono 3.2.8+dfsg-10 (bookworm)   mono 3.2.8+dfsg-10 (bookworm)
debian   openssl                                               < openssl 1.0.1k-1 (bookworm)     openssl 1.0.1k-1 (bookworm)
dell     bsafe                                                 >= 4.0.0, < 4.0.8                 4.0.8
dell     bsafe                                                 >= 4.1.0, < 4.1.3                 4.1.3
dell     bsafe_ssl-c                                           <= 2.8.9
ibm      tivoli_directory_server                               <= 6.0.0.73

Detection & IOCs (extracted from sources)

path: s3_clnt.c
version: OpenSSL < 0.9.8zd
version: OpenSSL 1.0.0 < 1.0.0p
version: OpenSSL 1.0.1 < 1.0.1k
other: RSA_EXPORT cipher suites / EXPORT_RSA ciphers
  • Scan for servers offering RSA_EXPORT / EXPORT_RSA cipher suites; their presence indicates that a client connecting to such a server is at risk of a FREAK downgrade attack.
  • Use Nessus plugin 81606 to detect SSL/TLS RSA-EXPORT <= 512-bit cipher suites supported (FREAK).
  • Use Nessus plugin 26928 to detect weak cipher suites supported on a target.
  • Detect vulnerable OpenSSL clients by checking the OpenSSL banner in web server response headers (note: banners are often suppressed).
  • Monitor for TLS handshakes in which a server offers a weak (512-bit) ephemeral RSA key in a non-export cipher suite context, indicating a FREAK downgrade attempt.
  • The vulnerable code path is ssl3_get_key_exchange() in s3_clnt.c; look for OpenSSL client builds that accept ephemeral RSA keys outside of export cipher suites.
  • The scope of CVE-2015-0204 is strictly OpenSSL client code; servers offering EXPORT_RSA ciphers are a prerequisite for exploitation but are not themselves vulnerable under this CVE.
  • Unauthenticated scanner checks (e.g., QID 42442) detect server-side exposure (EXPORT_RSA cipher availability); authenticated checks are needed to confirm client-side vulnerability.
  • A fix for FREAK in OpenSSL is available as of OpenSSL v1.0.2; the fixed Debian package is openssl 1.0.1k-1.
  • openssl097a (RHEL5) and openssl098e (RHEL6/7) will not be patched by Red Hat; only the main openssl package in affected products receives fixes.

CVSS provenance

Source          CVSS version   Score   Severity   Vector
nvd             2.0            4.3     MEDIUM     AV:N/AC:M/Au:N/C:N/I:P/A:N
osv                            5.0     MEDIUM
vendor_cisco                   5.0     MEDIUM
vendor_ubuntu                  5.0     MEDIUM
vendor_debian                  4.3     MEDIUM
vendor_redhat                  4.3     MEDIUM