CVE-2015-4000 - Vulnerability Details

- LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks

Description

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

Published: 2015-05-21

Score: 3.7 Low

EPSS: 99.9% High

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:openssl:openssl::::::::
	cpe:2.3:a:openssl:openssl::::::::

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*

Configuration 3 [-]

AND

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:a:ibm:content_manager:8.5:*:*:*:*:enterprise:*:*

Configuration 5 [-]

cpe:2.3:a:oracle:jrockit:r28.3.6:*:*:*:*:*:*:*

Configuration 6 [-]

OR	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*

Configuration 7 [-]

OR	cpe:2.3:a:oracle:jdk:1.6.0:update95::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update75::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update80::::::
	cpe:2.3:a:oracle:jdk:1.8.0:update_33::::::
	cpe:2.3:a:oracle:jdk:1.8.0:update45::::::
	cpe:2.3:a:oracle:jre:1.6.0:update_95::::::
	cpe:2.3:a:oracle:jre:1.7.0:update_75::::::
	cpe:2.3:a:oracle:jre:1.7.0:update_80::::::
	cpe:2.3:a:oracle:jre:1.8.0:update_33::::::
	cpe:2.3:a:oracle:jre:1.8.0:update_45::::::

Configuration 8 [-]

OR	cpe:2.3:o:suse:linux_enterprise_desktop:12:::::::*
	cpe:2.3:o:suse:linux_enterprise_server:11.0:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:::::::*
	cpe:2.3:o:suse:suse_linux_enterprise_server:12:::::::*

Configuration 9 [-]

OR	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:mac_os_x::::::::

Configuration 10 [-]

cpe:2.3:a:mozilla:network_security_services:3.19:*:*:*:*:*:*:*

Configuration 11 [-]

cpe:2.3:a:oracle:sparc-opl_service_processor:*:*:*:*:*:*:*:*

Configuration 12 [-]

OR	cpe:2.3:a:apple:safari:-:::::::*
	cpe:2.3:a:google:chrome:-:::::::*
	cpe:2.3:a:microsoft:internet_explorer:-:::::::*
	cpe:2.3:a:mozilla:firefox:-:::::::*
	cpe:2.3:a:opera:opera_browser:-:::::::*

Configuration 13 [-]

OR	cpe:2.3:a:mozilla:firefox:38.1.0:::::::*
	cpe:2.3:a:mozilla:firefox:39.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.8:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.35:::::::*
	cpe:2.3:a:mozilla:thunderbird:31.8:::::::*
	cpe:2.3:a:mozilla:thunderbird:38.1:::::::*
	cpe:2.3:o:mozilla:firefox_os:2.2:::::::*

Package	CPE	Advisory	Released Date
Oracle Java for Red Hat Enterprise Linux 5
java-1.7.0-oracle-1:1.7.0.85-1jpp.1.el5_11	cpe:/a:redhat:rhel_extras_oracle_java:5	RHSA-2015:1242	2015-07-17T00:00:00Z
java-1.6.0-sun-1:1.6.0.101-1jpp.1.el5_11	cpe:/a:redhat:rhel_extras_oracle_java:5	RHSA-2015:1243	2015-07-17T00:00:00Z
Oracle Java for Red Hat Enterprise Linux 6
java-1.8.0-oracle-1:1.8.0.51-1jpp.2.el6_6	cpe:/a:redhat:rhel_extras_oracle_java:6	RHSA-2015:1241	2015-07-17T00:00:00Z
java-1.7.0-oracle-1:1.7.0.85-1jpp.2.el6_6	cpe:/a:redhat:rhel_extras_oracle_java:6	RHSA-2015:1242	2015-07-17T00:00:00Z
java-1.6.0-sun-1:1.6.0.101-1jpp.1.el6_6	cpe:/a:redhat:rhel_extras_oracle_java:6	RHSA-2015:1243	2015-07-17T00:00:00Z
Oracle Java for Red Hat Enterprise Linux 7
java-1.8.0-oracle-1:1.8.0.51-1jpp.2.el7_1	cpe:/a:redhat:rhel_extras_oracle_java:7	RHSA-2015:1241	2015-07-17T00:00:00Z
java-1.7.0-oracle-1:1.7.0.85-1jpp.2.el7_1	cpe:/a:redhat:rhel_extras_oracle_java:7	RHSA-2015:1242	2015-07-17T00:00:00Z
java-1.6.0-sun-1:1.6.0.101-1jpp.1.el7_1	cpe:/a:redhat:rhel_extras_oracle_java:7	RHSA-2015:1243	2015-07-17T00:00:00Z
Red Hat Enterprise Linux 5
openssl-0:0.9.8e-36.el5_11	cpe:/o:redhat:enterprise_linux:5	RHSA-2015:1197	2015-06-30T00:00:00Z
java-1.7.0-openjdk-1:1.7.0.85-2.6.1.3.el5_11	cpe:/o:redhat:enterprise_linux:5	RHSA-2015:1230	2015-07-15T00:00:00Z
java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el5_11	cpe:/o:redhat:enterprise_linux:5	RHSA-2015:1526	2015-07-30T00:00:00Z
Red Hat Enterprise Linux 5 Supplementary
java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2015:1486	2015-07-22T00:00:00Z
java-1.7.0-ibm-1:1.7.0.9.10-1jpp.2.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2015:1488	2015-07-23T00:00:00Z
java-1.5.0-ibm-1:1.5.0.16.13-1jpp.3.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2015:1544	2015-08-04T00:00:00Z
Red Hat Enterprise Linux 6
openssl-0:1.0.1e-30.el6_6.9	cpe:/o:redhat:enterprise_linux:6	RHSA-2015:1072	2015-06-04T00:00:00Z
nss-0:3.19.1-3.el6_6	cpe:/o:redhat:enterprise_linux:6	RHSA-2015:1185	2015-06-25T00:00:00Z
nss-util-0:3.19.1-1.el6_6	cpe:/o:redhat:enterprise_linux:6	RHSA-2015:1185	2015-06-25T00:00:00Z
java-1.8.0-openjdk-1:1.8.0.51-0.b16.el6_6	cpe:/o:redhat:enterprise_linux:6	RHSA-2015:1228	2015-07-15T00:00:00Z
java-1.7.0-openjdk-1:1.7.0.85-2.6.1.3.el6_6	cpe:/o:redhat:enterprise_linux:6	RHSA-2015:1229	2015-07-15T00:00:00Z
java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el6_7	cpe:/o:redhat:enterprise_linux:6	RHSA-2015:1526	2015-07-30T00:00:00Z
Red Hat Enterprise Linux 6 Supplementary
java-1.7.1-ibm-1:1.7.1.3.10-1jpp.3.el6_7	cpe:/a:redhat:rhel_extras:6	RHSA-2015:1485	2015-07-22T00:00:00Z
java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el6_7	cpe:/a:redhat:rhel_extras:6	RHSA-2015:1486	2015-07-22T00:00:00Z
java-1.5.0-ibm-1:1.5.0.16.13-1jpp.3.el6_7	cpe:/a:redhat:rhel_extras:6	RHSA-2015:1544	2015-08-04T00:00:00Z
Red Hat Enterprise Linux 7
openssl-1:1.0.1e-42.ael7b_1.6	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:1072	2015-06-04T00:00:00Z
nss-0:3.19.1-3.ael7b_1	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:1185	2015-06-25T00:00:00Z
nss-util-0:3.19.1-1.ael7b_1	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:1185	2015-06-25T00:00:00Z
java-1.8.0-openjdk-1:1.8.0.51-1.b16.ael7b_1	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:1228	2015-07-15T00:00:00Z
java-1.7.0-openjdk-1:1.7.0.85-2.6.1.2.el7_1	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:1229	2015-07-15T00:00:00Z
java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el7_1	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:1526	2015-07-30T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4
openssl	cpe:/a:redhat:jboss_enterprise_application_platform:6.4	RHSA-2016:2056	2016-10-12T00:00:00Z
Red Hat JBoss Web Server 3.0
	cpe:/a:redhat:jboss_enterprise_web_server:3.0	RHSA-2016:1624	2016-08-17T00:00:00Z
Red Hat Satellite 5.6
java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el6_7	cpe:/a:redhat:network_satellite:5.6::el5	RHSA-2015:1604	2015-08-12T00:00:00Z
Red Hat Satellite 5.7
java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el6_7	cpe:/a:redhat:network_satellite:5.7::el6	RHSA-2015:1604	2015-08-12T00:00:00Z
Supplementary for Red Hat Enterprise Linux 7
java-1.7.1-ibm-1:1.7.1.3.10-1jpp.1.ael7b_1	cpe:/a:redhat:rhel_extras:7	RHSA-2015:1485	2015-07-22T00:00:00Z

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-247-1	openssl security update
Debian DLA	DLA-303-1	openjdk-6 security update
Debian DLA	DLA-507-1	nss security update
Debian DSA	DSA-3287-1	openssl security update
Debian DSA	DSA-3300-1	iceweasel security update
Debian DSA	DSA-3316-1	openjdk-7 security update
Debian DSA	DSA-3324-1	icedove security update
Debian DSA	DSA-3339-1	openjdk-6 security update
Debian DSA	DSA-3688-1	nss security update
Ubuntu USN	USN-2656-1	Firefox vulnerabilities
Ubuntu USN	USN-2656-2	Firefox vulnerabilities
Ubuntu USN	USN-2673-1	Thunderbird vulnerabilities
Ubuntu USN	USN-2696-1	OpenJDK 7 vulnerabilities
Ubuntu USN	USN-2706-1	OpenJDK 6 vulnerabilities

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.9986.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc
http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html
http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html
http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html
http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html
http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html
http://marc.info/?l=bugtraq&m=143506486712441&w=2
http://marc.info/?l=bugtraq&m=143557934009303&w=2
http://marc.info/?l=bugtraq&m=143558092609708&w=2
http://marc.info/?l=bugtraq&m=143628304012255&w=2
http://marc.info/?l=bugtraq&m=143637549705650&w=2
http://marc.info/?l=bugtraq&m=143655800220052&w=2
http://marc.info/?l=bugtraq&m=143880121627664&w=2
http://marc.info/?l=bugtraq&m=144043644216842&w=2
http://marc.info/?l=bugtraq&m=144050121701297&w=2
http://marc.info/?l=bugtraq&m=144060576831314&w=2
http://marc.info/?l=bugtraq&m=144060606031437&w=2
http://marc.info/?l=bugtraq&m=144061542602287&w=2
http://marc.info/?l=bugtraq&m=144069189622016&w=2
http://marc.info/?l=bugtraq&m=144102017024820&w=2
http://marc.info/?l=bugtraq&m=144104533800819&w=2
http://marc.info/?l=bugtraq&m=144493176821532&w=2
http://marc.info/?l=bugtraq&m=145409266329539&w=2
http://openwall.com/lists/oss-security/2015/05/20/8
http://rhn.redhat.com/errata/RHSA-2015-1072.html
http://rhn.redhat.com/errata/RHSA-2015-1185.html
http://rhn.redhat.com/errata/RHSA-2015-1197.html
http://rhn.redhat.com/errata/RHSA-2015-1228.html
http://rhn.redhat.com/errata/RHSA-2015-1229.html
http://rhn.redhat.com/errata/RHSA-2015-1230.html
http://rhn.redhat.com/errata/RHSA-2015-1241.html
http://rhn.redhat.com/errata/RHSA-2015-1242.html
http://rhn.redhat.com/errata/RHSA-2015-1243.html
http://rhn.redhat.com/errata/RHSA-2015-1485.html
http://rhn.redhat.com/errata/RHSA-2015-1486.html
http://rhn.redhat.com/errata/RHSA-2015-1488.html
http://rhn.redhat.com/errata/RHSA-2015-1526.html
http://rhn.redhat.com/errata/RHSA-2015-1544.html
http://rhn.redhat.com/errata/RHSA-2015-1604.html
http://rhn.redhat.com/errata/RHSA-2016-1624.html
http://rhn.redhat.com/errata/RHSA-2016-2056.html
http://support.apple.com/kb/HT204941
http://support.apple.com/kb/HT204942
http://support.citrix.com/article/CTX201114
http://www-01.ibm.com/support/docview.wss?uid=swg21959111
http://www-01.ibm.com/support/docview.wss?uid=swg21959195
http://www-01.ibm.com/support/docview.wss?uid=swg21959325
http://www-01.ibm.com/support/docview.wss?uid=swg21959453
http://www-01.ibm.com/support/docview.wss?uid=swg21959481
http://www-01.ibm.com/support/docview.wss?uid=swg21959517
http://www-01.ibm.com/support/docview.wss?uid=swg21959530
http://www-01.ibm.com/support/docview.wss?uid=swg21959539
http://www-01.ibm.com/support/docview.wss?uid=swg21959636
http://www-01.ibm.com/support/docview.wss?uid=swg21959812
http://www-01.ibm.com/support/docview.wss?uid=swg21960191
http://www-01.ibm.com/support/docview.wss?uid=swg21961717
http://www-01.ibm.com/support/docview.wss?uid=swg21962455
http://www-01.ibm.com/support/docview.wss?uid=swg21962739
http://www-304.ibm.com/support/docview.wss?uid=swg21958984
http://www-304.ibm.com/support/docview.wss?uid=swg21959132
http://www-304.ibm.com/support/docview.wss?uid=swg21960041
http://www-304.ibm.com/support/docview.wss?uid=swg21960194
http://www-304.ibm.com/support/docview.wss?uid=swg21960380
http://www-304.ibm.com/support/docview.wss?uid=swg21960418
http://www-304.ibm.com/support/docview.wss?uid=swg21962816
http://www-304.ibm.com/support/docview.wss?uid=swg21967893
http://www.debian.org/security/2015/dsa-3287
http://www.debian.org/security/2015/dsa-3300
http://www.debian.org/security/2015/dsa-3316
http://www.debian.org/security/2015/dsa-3324
http://www.debian.org/security/2015/dsa-3339
http://www.debian.org/security/2016/dsa-3688
http://www.fortiguard.com/advisory/2015-05-20-logjam-attack
http://www.mozilla.org/security/announce/2015/mfsa2015-70.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.securityfocus.com/bid/74733
http://www.securityfocus.com/bid/91787
http://www.securitytracker.com/id/1032474
http://www.securitytracker.com/id/1032475
http://www.securitytracker.com/id/1032476
http://www.securitytracker.com/id/1032637
http://www.securitytracker.com/id/1032645
http://www.securitytracker.com/id/1032647
http://www.securitytracker.com/id/1032648
http://www.securitytracker.com/id/1032649
http://www.securitytracker.com/id/1032650
http://www.securitytracker.com/id/1032651
http://www.securitytracker.com/id/1032652
http://www.securitytracker.com/id/1032653
http://www.securitytracker.com/id/1032654
http://www.securitytracker.com/id/1032655
http://www.securitytracker.com/id/1032656
http://www.securitytracker.com/id/1032688
http://www.securitytracker.com/id/1032699
http://www.securitytracker.com/id/1032702
http://www.securitytracker.com/id/1032727
http://www.securitytracker.com/id/1032759
http://www.securitytracker.com/id/1032777
http://www.securitytracker.com/id/1032778
http://www.securitytracker.com/id/1032783
http://www.securitytracker.com/id/1032784
http://www.securitytracker.com/id/1032856
http://www.securitytracker.com/id/1032864
http://www.securitytracker.com/id/1032865
http://www.securitytracker.com/id/1032871
http://www.securitytracker.com/id/1032884
http://www.securitytracker.com/id/1032910
http://www.securitytracker.com/id/1032932
http://www.securitytracker.com/id/1032960
http://www.securitytracker.com/id/1033019
http://www.securitytracker.com/id/1033064
http://www.securitytracker.com/id/1033065
http://www.securitytracker.com/id/1033067
http://www.securitytracker.com/id/1033208
http://www.securitytracker.com/id/1033209
http://www.securitytracker.com/id/1033210
http://www.securitytracker.com/id/1033222
http://www.securitytracker.com/id/1033341
http://www.securitytracker.com/id/1033385
http://www.securitytracker.com/id/1033416
http://www.securitytracker.com/id/1033430
http://www.securitytracker.com/id/1033433
http://www.securitytracker.com/id/1033513
http://www.securitytracker.com/id/1033760
http://www.securitytracker.com/id/1033891
http://www.securitytracker.com/id/1033991
http://www.securitytracker.com/id/1034087
http://www.securitytracker.com/id/1034728
http://www.securitytracker.com/id/1034884
http://www.securitytracker.com/id/1036218
http://www.securitytracker.com/id/1040630
http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm
http://www.ubuntu.com/usn/USN-2656-1
http://www.ubuntu.com/usn/USN-2656-2
http://www.ubuntu.com/usn/USN-2673-1
http://www.ubuntu.com/usn/USN-2696-1
http://www.ubuntu.com/usn/USN-2706-1
https://access.redhat.com/articles/1456263
https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/
https://bto.bluecoat.com/security-advisory/sa98
https://bugzilla.mozilla.org/show_bug.cgi?id=1138554
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
https://kc.mcafee.com/corporate/index?page=content&id=SB10122
https://nvd.nist.gov/vuln/detail/CVE-2015-4000
https://openssl.org/news/secadv/20150611.txt
https://puppet.com/security/cve/CVE-2015-4000
https://security.gentoo.org/glsa/201506-02
https://security.gentoo.org/glsa/201512-10
https://security.gentoo.org/glsa/201603-11
https://security.gentoo.org/glsa/201701-46
https://security.netapp.com/advisory/ntap-20150619-0001/
https://support.citrix.com/article/CTX216642
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us
https://weakdh.org/
https://weakdh.org/imperfect-forward-secrecy.pdf
https://www-304.ibm.com/support/docview.wss?uid=swg21959745
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403
https://www.cve.org/CVERecord?id=CVE-2015-4000
https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
https://www.openssl.org/news/secadv_20150611.txt
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.suse.com/security/cve/CVE-2015-4000.html

History

Wed, 27 May 2026 17:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-295
Metrics		cvssV3_1 `{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 22 Oct 2024 14:00:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:mozilla:firefox_esr:38.1.0:::::::*	cpe:2.3:a:mozilla:firefox:38.1.0:::::::*

Subscriptions

Apple Iphone Os Mac Os X Safari

Canonical Ubuntu Linux

Debian Debian Linux

Google Chrome

Hp Hp-ux

Ibm Content Manager

Microsoft Internet Explorer

Mozilla Firefox Firefox Esr Firefox Os Network Security Services Seamonkey Thunderbird

Openssl Openssl

Opera Opera Browser

Oracle Jdk Jre Jrockit Sparc-opl Service Processor

Redhat Enterprise Linux Jboss Enterprise Application Platform Jboss Enterprise Web Server Network Satellite Rhel Extras Rhel Extras Oracle Java

Suse Linux Enterprise Desktop Linux Enterprise Server Linux Enterprise Software Development Kit Suse Linux Enterprise Server

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-05-21T00:00:00.000Z

Updated: 2026-05-27T16:22:20.395Z

Reserved: 2015-05-15T00:00:00.000Z

Link: CVE-2015-4000

Vulnrichment

Updated: 2024-08-06T06:04:02.725Z

NVD

Status : Modified

Published: 2015-05-21T00:59:00.087

Modified: 2026-06-17T00:26:36.567

Link: CVE-2015-4000

Redhat

Severity : Moderate

Publid Date: 2015-05-20T00:00:00Z

Links: CVE-2015-4000 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object