CVE-2015-4000
Published 2015-05-21
Low 3.7 (CVSS 3.1)
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
EXPLOIT
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
Affected
50 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | <= 8.3 | — |
| apple | mac_os_x | <= 10.10.3 | — |
| apple | os_x_yosemite_v10.10.4_and_security_update_2015-005 | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | nss | < nss 2:3.19.1-1 (bookworm) | nss 2:3.19.1-1 (bookworm) |
| debian | openjdk-8 | < nss 2:3.19.1-1 (bookworm) | nss 2:3.19.1-1 (bookworm) |
| debian | openssl | < nss 2:3.19.1-1 (bookworm) | nss 2:3.19.1-1 (bookworm) |
| geddyjs | geddy | >= 0 < 13.0.8 | 13.0.8 |
| hp | hp-ux | — | — |
| ibm | content_manager | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 39.0+build5-0ubuntu0.14.04.1 | 39.0+build5-0ubuntu0.14.04.1 |
| mozilla | firefox_esr | — | — |
| mozilla | firefox_os | — | — |
| mozilla | network_security_services | — | — |
| mozilla | nss | >= 0 < 2:3.19.1-1 | 2:3.19.1-1 |
| mozilla | nss | >= 0 < 2:3.19.1-1 | 2:3.19.1-1 |
| mozilla | nss | >= 0 < 2:3.19.1-1 | 2:3.19.1-1 |
CVSS provenance
nvd: v3.1, 3.7 LOW, CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
osv: 9.8 CRITICAL