{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2015-4000", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-06T06:04:02.725Z", "dateReserved": "2015-05-15T00:00:00", "datePublished": "2015-05-21T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-12-13T00:00:00"}, "descriptions": [{"lang": "en", "value": "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"name": "SUSE-SU-2015:1184", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"}, {"name": "SUSE-SU-2015:1177", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html"}, {"name": "SSRT102180", "tags": ["vendor-advisory"], "url": "http://marc.info/?l=bugtraq&m=143880121627664&w=2"}, {"name": "RHSA-2015:1243", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1243.html"}, {"name": "openSUSE-SU-2015:1229", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"}, {"name": "1033208", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1033208"}, {"name": "1032637", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032637"}, {"name": "HPSBGN03404", "tags": ["vendor-advisory"], "url": "http://marc.info/?l=bugtraq&m=144050121701297&w=2"}, {"name": "DSA-3688", "tags": ["vendor-advisory"], "url": "http://www.debian.org/security/2016/dsa-3688"}, {"name": "DSA-3287", "tags": ["vendor-advisory"], "url": "http://www.debian.org/security/2015/dsa-3287"}, {"name": "HPSBUX03512", "tags": ["vendor-advisory"], "url": "http://marc.info/?l=bugtraq&m=144493176821532&w=2"}, {"name": "1032865", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032865"}, {"name": "HPSBGN03351", "tags": ["vendor-advisory"], "url": "http://marc.info/?l=bugtraq&m=143557934009303&w=2"}, {"name": "SUSE-SU-2015:1268", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"}, {"name": "SUSE-SU-2015:1150", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"}, {"name": "1034728", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1034728"}, {"name": "SUSE-SU-2015:1183", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"}, {"name": "1032656", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032656"}, {"name": "RHSA-2016:2056", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"}, {"name": "[oss-security] 20150520 CVE-2015-4000 - TLS does not properly convey server's ciphersuite choice", "tags": ["mailing-list"], "url": "http://openwall.com/lists/oss-security/2015/05/20/8"}, {"name": "openSUSE-SU-2015:1684", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html"}, {"name": "HPSBGN03361", "tags": ["vendor-advisory"], "url": "http://marc.info/?l=bugtraq&m=143628304012255&w=2"}, {"name": "HPSBGN03399", "tags": ["vendor-advisory"], "url": "http://marc.info/?l=bugtraq&m=144060576831314&w=2"}, {"name": "1032475", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032475"}, {"name": "1032960", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032960"}, {"name": "openSUSE-SU-2016:0255", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html"}, {"name": "1032653", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032653"}, {"name": "SUSE-SU-2016:0224", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html"}, {"name": "1033385", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1033385"}, {"name": "GLSA-201512-10", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/201512-10"}, {"name": "RHSA-2015:1229", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1229.html"}, {"name": "openSUSE-SU-2016:0483", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html"}, {"name": "1032864", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032864"}, {"name": "1032910", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032910"}, {"name": "1032645", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032645"}, {"name": "USN-2706-1", "tags": ["vendor-advisory"], "url": "http://www.ubuntu.com/usn/USN-2706-1"}, {"name": "GLSA-201701-46", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/201701-46"}, {"name": "RHSA-2015:1526", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1526.html"}, {"name": "1033760", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1033760"}, {"name": "RHSA-2015:1485", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1485.html"}, {"name": "RHSA-2015:1197", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1197.html"}, {"name": "HPSBMU03401", "tags": ["vendor-advisory"], "url": "http://marc.info/?l=bugtraq&m=144104533800819&w=2"}, {"name": "1032699", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032699"}, {"name": "1032476", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032476"}, {"name": "1032649", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032649"}, {"name": "HPSBMU03345", "tags": ["vendor-advisory"], "url": "http://marc.info/?l=bugtraq&m=144043644216842&w=2"}, {"name": "HPSBUX03363", "tags": ["vendor-advisory"], "url": "http://marc.info/?l=bugtraq&m=143637549705650&w=2"}, {"name": "RHSA-2015:1544", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1544.html"}, {"name": "FEDORA-2015-9130", "tags": ["vendor-advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html"}, {"name": "SUSE-SU-2015:1182", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"}, {"name": "SSRT102112", "tags": ["vendor-advisory"], "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196"}, {"name": "1032688", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032688"}, {"name": "SUSE-SU-2015:1143", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"}, {"name": "1032652", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032652"}, {"name": "FEDORA-2015-9048", "tags": ["vendor-advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html"}, {"name": "RHSA-2015:1185", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1185.html"}, {"name": "HPSBGN03362", "tags": ["vendor-advisory"], "url": "http://marc.info/?l=bugtraq&m=143558092609708&w=2"}, {"name": "APPLE-SA-2015-06-30-2", "tags": ["vendor-advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"}, {"name": "openSUSE-SU-2015:1289", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html"}, {"name": "FEDORA-2015-9161", "tags": ["vendor-advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html"}, {"name": "HPSBGN03402", "tags": ["vendor-advisory"], "url": "http://marc.info/?l=bugtraq&m=144069189622016&w=2"}, {"name": "1032648", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032648"}, {"name": "1032759", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032759"}, {"name": "RHSA-2015:1228", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1228.html"}, {"name": "HPSBGN03405", "tags": ["vendor-advisory"], "url": "http://marc.info/?l=bugtraq&m=144060606031437&w=2"}, {"name": "DSA-3316", "tags": ["vendor-advisory"], "url": "http://www.debian.org/security/2015/dsa-3316"}, {"name": "1033209", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1033209"}, {"name": "1032871", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032871"}, {"name": "DSA-3324", "tags": ["vendor-advisory"], "url": "http://www.debian.org/security/2015/dsa-3324"}, {"name": "1032655", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032655"}, {"name": "1033210", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1033210"}, {"name": "HPSBGN03411", "tags": ["vendor-advisory"], "url": "http://marc.info/?l=bugtraq&m=144061542602287&w=2"}, {"name": "openSUSE-SU-2015:1277", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"}, {"name": "HPSBGN03533", "tags": ["vendor-advisory"], "url": "http://marc.info/?l=bugtraq&m=145409266329539&w=2"}, {"name": "USN-2673-1", "tags": ["vendor-advisory"], "url": "http://www.ubuntu.com/usn/USN-2673-1"}, {"name": "1034884", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1034884"}, {"name": "HPSBMU03356", "tags": ["vendor-advisory"], "url": "http://marc.info/?l=bugtraq&m=143506486712441&w=2"}, {"name": "GLSA-201603-11", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/201603-11"}, {"name": "1033064", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1033064"}, {"name": "SUSE-SU-2015:1181", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"}, {"name": "1032778", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032778"}, {"name": "1032474", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032474"}, {"name": "SSRT102254", "tags": ["vendor-advisory"], "url": "http://marc.info/?l=bugtraq&m=144493176821532&w=2"}, {"name": "HPSBGN03407", "tags": ["vendor-advisory"], "url": "http://marc.info/?l=bugtraq&m=144102017024820&w=2"}, {"name": "openSUSE-SU-2015:1209", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html"}, {"name": "1032784", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032784"}, {"name": "1032777", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032777"}, {"name": "1033416", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1033416"}, {"name": "1033991", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1033991"}, {"name": "1032647", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032647"}, {"name": "1032654", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032654"}, {"name": "1033341", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1033341"}, {"name": "RHSA-2015:1486", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1486.html"}, {"name": "SUSE-SU-2015:1663", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html"}, {"name": "1033433", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1033433"}, {"name": "USN-2696-1", "tags": ["vendor-advisory"], "url": "http://www.ubuntu.com/usn/USN-2696-1"}, {"name": "APPLE-SA-2015-06-30-1", "tags": ["vendor-advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"}, {"name": "1032702", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032702"}, {"name": "DSA-3339", "tags": ["vendor-advisory"], "url": "http://www.debian.org/security/2015/dsa-3339"}, {"name": "1032727", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032727"}, {"name": "RHSA-2015:1242", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1242.html"}, {"name": "SUSE-SU-2015:1269", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"}, {"name": "GLSA-201506-02", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/201506-02"}, {"name": "91787", "tags": ["vdb-entry"], "url": "http://www.securityfocus.com/bid/91787"}, {"name": "RHSA-2016:1624", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1624.html"}, {"name": "openSUSE-SU-2015:1266", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"}, {"name": "RHSA-2015:1488", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1488.html"}, {"name": "SUSE-SU-2015:1319", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html"}, {"name": "SUSE-SU-2015:1320", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html"}, {"name": "1033430", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1033430"}, {"name": "openSUSE-SU-2015:1288", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html"}, {"name": "RHSA-2015:1241", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1241.html"}, {"name": "openSUSE-SU-2016:0478", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html"}, {"name": "SUSE-SU-2015:1581", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"}, {"name": "HPSBUX03388", "tags": ["vendor-advisory"], "url": "http://marc.info/?l=bugtraq&m=143880121627664&w=2"}, {"name": "RHSA-2015:1230", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1230.html"}, {"name": "74733", "tags": ["vdb-entry"], "url": "http://www.securityfocus.com/bid/74733"}, {"name": "openSUSE-SU-2016:0261", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html"}, {"name": "1032651", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032651"}, {"name": "1033065", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1033065"}, {"name": "USN-2656-1", "tags": ["vendor-advisory"], "url": "http://www.ubuntu.com/usn/USN-2656-1"}, {"name": "SUSE-SU-2015:1185", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"}, {"name": "1033222", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1033222"}, {"name": "1036218", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1036218"}, {"name": "SUSE-SU-2015:1449", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"}, {"name": "HPSBGN03373", "tags": ["vendor-advisory"], "url": "http://marc.info/?l=bugtraq&m=143655800220052&w=2"}, {"name": "1040630", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1040630"}, {"name": "openSUSE-SU-2015:1139", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"}, {"name": "1034087", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1034087"}, {"name": "1033513", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1033513"}, {"name": "1032884", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032884"}, {"name": "RHSA-2015:1604", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1604.html"}, {"name": "SUSE-SU-2016:0262", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html"}, {"name": "1032932", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032932"}, {"name": "1033891", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1033891"}, {"name": "openSUSE-SU-2016:0226", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html"}, {"name": "1032783", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032783"}, {"name": "1032856", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032856"}, {"name": "NetBSD-SA2015-008", "tags": ["vendor-advisory"], "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"}, {"name": "DSA-3300", "tags": ["vendor-advisory"], "url": "http://www.debian.org/security/2015/dsa-3300"}, {"name": "USN-2656-2", "tags": ["vendor-advisory"], "url": "http://www.ubuntu.com/usn/USN-2656-2"}, {"name": "1033067", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1033067"}, {"name": "1033019", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1033019"}, {"name": "RHSA-2015:1072", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1072.html"}, {"name": "1032650", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1032650"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"}, {"url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962739"}, {"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403"}, {"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"}, {"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10122"}, {"url": "http://support.apple.com/kb/HT204941"}, {"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21962816"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959812"}, {"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21959745"}, {"url": "https://weakdh.org/imperfect-forward-secrecy.pdf"}, {"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21959132"}, {"url": "https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959539"}, {"url": "https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959325"}, {"url": "https://openssl.org/news/secadv/20150611.txt"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"}, {"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778"}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us"}, {"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190"}, {"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21967893"}, {"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21958984"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959517"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959195"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961717"}, {"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"}, {"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960194"}, {"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959453"}, {"url": "https://security.netapp.com/advisory/ntap-20150619-0001/"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959111"}, {"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960418"}, {"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246"}, {"url": "https://www.suse.com/security/cve/CVE-2015-4000.html"}, {"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722"}, {"url": "http://support.citrix.com/article/CTX201114"}, {"url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"}, {"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960380"}, {"url": "http://support.apple.com/kb/HT204942"}, {"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083"}, {"url": "http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc"}, {"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727"}, {"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959530"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960191"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959636"}, {"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"}, {"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"}, {"url": "https://puppet.com/security/cve/CVE-2015-4000"}, {"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-70.html"}, {"url": "http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm"}, {"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789"}, {"url": "https://support.citrix.com/article/CTX216642"}, {"url": "https://weakdh.org/"}, {"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959481"}, {"url": "https://bto.bluecoat.com/security-advisory/sa98"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1138554"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962455"}, {"url": "https://www.openssl.org/news/secadv_20150611.txt"}, {"url": "http://www.fortiguard.com/advisory/2015-05-20-logjam-attack"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}], "datePublic": "2015-05-19T00:00:00"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:04:02.725Z"}, "title": "CVE Program Container", "references": [{"name": "SUSE-SU-2015:1184", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"}, {"name": "SUSE-SU-2015:1177", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html"}, {"name": "SSRT102180", "tags": ["vendor-advisory", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=143880121627664&w=2"}, {"name": "RHSA-2015:1243", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1243.html"}, {"name": "openSUSE-SU-2015:1229", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"}, {"name": "1033208", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1033208"}, {"name": "1032637", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032637"}, {"name": "HPSBGN03404", "tags": ["vendor-advisory", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=144050121701297&w=2"}, {"name": "DSA-3688", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3688"}, {"name": "DSA-3287", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3287"}, {"name": "HPSBUX03512", "tags": ["vendor-advisory", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=144493176821532&w=2"}, {"name": "1032865", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032865"}, {"name": "HPSBGN03351", "tags": ["vendor-advisory", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=143557934009303&w=2"}, {"name": "SUSE-SU-2015:1268", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"}, {"name": "SUSE-SU-2015:1150", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"}, {"name": "1034728", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1034728"}, {"name": "SUSE-SU-2015:1183", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"}, {"name": "1032656", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032656"}, {"name": "RHSA-2016:2056", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"}, {"name": "[oss-security] 20150520 CVE-2015-4000 - TLS does not properly convey server's ciphersuite choice", "tags": ["mailing-list", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2015/05/20/8"}, {"name": "openSUSE-SU-2015:1684", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html"}, {"name": "HPSBGN03361", "tags": ["vendor-advisory", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=143628304012255&w=2"}, {"name": "HPSBGN03399", "tags": ["vendor-advisory", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=144060576831314&w=2"}, {"name": "1032475", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032475"}, {"name": "1032960", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032960"}, {"name": "openSUSE-SU-2016:0255", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html"}, {"name": "1032653", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032653"}, {"name": "SUSE-SU-2016:0224", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html"}, {"name": "1033385", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1033385"}, {"name": "GLSA-201512-10", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/201512-10"}, {"name": "RHSA-2015:1229", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1229.html"}, {"name": "openSUSE-SU-2016:0483", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html"}, {"name": "1032864", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032864"}, {"name": "1032910", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032910"}, {"name": "1032645", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032645"}, {"name": "USN-2706-1", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2706-1"}, {"name": "GLSA-201701-46", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/201701-46"}, {"name": "RHSA-2015:1526", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1526.html"}, {"name": "1033760", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1033760"}, {"name": "RHSA-2015:1485", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1485.html"}, {"name": "RHSA-2015:1197", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1197.html"}, {"name": "HPSBMU03401", "tags": ["vendor-advisory", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=144104533800819&w=2"}, {"name": "1032699", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032699"}, {"name": "1032476", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032476"}, {"name": "1032649", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032649"}, {"name": "HPSBMU03345", "tags": ["vendor-advisory", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=144043644216842&w=2"}, {"name": "HPSBUX03363", "tags": ["vendor-advisory", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=143637549705650&w=2"}, {"name": "RHSA-2015:1544", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1544.html"}, {"name": "FEDORA-2015-9130", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html"}, {"name": "SUSE-SU-2015:1182", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"}, {"name": "SSRT102112", "tags": ["vendor-advisory", "x_transferred"], "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196"}, {"name": "1032688", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032688"}, {"name": "SUSE-SU-2015:1143", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"}, {"name": "1032652", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032652"}, {"name": "FEDORA-2015-9048", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html"}, {"name": "RHSA-2015:1185", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1185.html"}, {"name": "HPSBGN03362", "tags": ["vendor-advisory", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=143558092609708&w=2"}, {"name": "APPLE-SA-2015-06-30-2", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"}, {"name": "openSUSE-SU-2015:1289", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html"}, {"name": "FEDORA-2015-9161", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html"}, {"name": "HPSBGN03402", "tags": ["vendor-advisory", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=144069189622016&w=2"}, {"name": "1032648", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032648"}, {"name": "1032759", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032759"}, {"name": "RHSA-2015:1228", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1228.html"}, {"name": "HPSBGN03405", "tags": ["vendor-advisory", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=144060606031437&w=2"}, {"name": "DSA-3316", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3316"}, {"name": "1033209", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1033209"}, {"name": "1032871", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032871"}, {"name": "DSA-3324", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3324"}, {"name": "1032655", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032655"}, {"name": "1033210", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1033210"}, {"name": "HPSBGN03411", "tags": ["vendor-advisory", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=144061542602287&w=2"}, {"name": "openSUSE-SU-2015:1277", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"}, {"name": "HPSBGN03533", "tags": ["vendor-advisory", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=145409266329539&w=2"}, {"name": "USN-2673-1", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2673-1"}, {"name": "1034884", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1034884"}, {"name": "HPSBMU03356", "tags": ["vendor-advisory", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=143506486712441&w=2"}, {"name": "GLSA-201603-11", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/201603-11"}, {"name": "1033064", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1033064"}, {"name": "SUSE-SU-2015:1181", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"}, {"name": "1032778", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032778"}, {"name": "1032474", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032474"}, {"name": "SSRT102254", "tags": ["vendor-advisory", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=144493176821532&w=2"}, {"name": "HPSBGN03407", "tags": ["vendor-advisory", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=144102017024820&w=2"}, {"name": "openSUSE-SU-2015:1209", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html"}, {"name": "1032784", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032784"}, {"name": "1032777", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032777"}, {"name": "1033416", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1033416"}, {"name": "1033991", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1033991"}, {"name": "1032647", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032647"}, {"name": "1032654", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032654"}, {"name": "1033341", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1033341"}, {"name": "RHSA-2015:1486", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1486.html"}, {"name": "SUSE-SU-2015:1663", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html"}, {"name": "1033433", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1033433"}, {"name": "USN-2696-1", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2696-1"}, {"name": "APPLE-SA-2015-06-30-1", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"}, {"name": "1032702", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032702"}, {"name": "DSA-3339", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3339"}, {"name": "1032727", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032727"}, {"name": "RHSA-2015:1242", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1242.html"}, {"name": "SUSE-SU-2015:1269", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"}, {"name": "GLSA-201506-02", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/201506-02"}, {"name": "91787", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securityfocus.com/bid/91787"}, {"name": "RHSA-2016:1624", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1624.html"}, {"name": "openSUSE-SU-2015:1266", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"}, {"name": "RHSA-2015:1488", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1488.html"}, {"name": "SUSE-SU-2015:1319", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html"}, {"name": "SUSE-SU-2015:1320", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html"}, {"name": "1033430", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1033430"}, {"name": "openSUSE-SU-2015:1288", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html"}, {"name": "RHSA-2015:1241", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1241.html"}, {"name": "openSUSE-SU-2016:0478", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html"}, {"name": "SUSE-SU-2015:1581", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"}, {"name": "HPSBUX03388", "tags": ["vendor-advisory", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=143880121627664&w=2"}, {"name": "RHSA-2015:1230", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1230.html"}, {"name": "74733", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securityfocus.com/bid/74733"}, {"name": "openSUSE-SU-2016:0261", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html"}, {"name": "1032651", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032651"}, {"name": "1033065", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1033065"}, {"name": "USN-2656-1", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2656-1"}, {"name": "SUSE-SU-2015:1185", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"}, {"name": "1033222", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1033222"}, {"name": "1036218", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1036218"}, {"name": "SUSE-SU-2015:1449", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"}, {"name": "HPSBGN03373", "tags": ["vendor-advisory", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=143655800220052&w=2"}, {"name": "1040630", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1040630"}, {"name": "openSUSE-SU-2015:1139", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"}, {"name": "1034087", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1034087"}, {"name": "1033513", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1033513"}, {"name": "1032884", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032884"}, {"name": "RHSA-2015:1604", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1604.html"}, {"name": "SUSE-SU-2016:0262", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html"}, {"name": "1032932", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032932"}, {"name": "1033891", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1033891"}, {"name": "openSUSE-SU-2016:0226", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html"}, {"name": "1032783", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032783"}, {"name": "1032856", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032856"}, {"name": "NetBSD-SA2015-008", "tags": ["vendor-advisory", "x_transferred"], "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"}, {"name": "DSA-3300", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3300"}, {"name": "USN-2656-2", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2656-2"}, {"name": "1033067", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1033067"}, {"name": "1033019", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1033019"}, {"name": "RHSA-2015:1072", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1072.html"}, {"name": "1032650", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1032650"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujan2021.html", "tags": ["x_transferred"]}, {"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681", "tags": ["x_transferred"]}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962739", "tags": ["x_transferred"]}, {"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403", "tags": ["x_transferred"]}, {"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929", "tags": ["x_transferred"]}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "tags": ["x_transferred"]}, {"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10122", "tags": ["x_transferred"]}, {"url": "http://support.apple.com/kb/HT204941", "tags": ["x_transferred"]}, {"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21962816", "tags": ["x_transferred"]}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959812", "tags": ["x_transferred"]}, {"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21959745", "tags": ["x_transferred"]}, {"url": "https://weakdh.org/imperfect-forward-secrecy.pdf", "tags": ["x_transferred"]}, {"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21959132", "tags": ["x_transferred"]}, {"url": "https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/", "tags": ["x_transferred"]}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959539", "tags": ["x_transferred"]}, {"url": "https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/", "tags": ["x_transferred"]}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959325", "tags": ["x_transferred"]}, {"url": "https://openssl.org/news/secadv/20150611.txt", "tags": ["x_transferred"]}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527", "tags": ["x_transferred"]}, {"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", "tags": ["x_transferred"]}, {"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778", "tags": ["x_transferred"]}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us", "tags": ["x_transferred"]}, {"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", "tags": ["x_transferred"]}, {"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21967893", "tags": ["x_transferred"]}, {"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21958984", "tags": ["x_transferred"]}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "tags": ["x_transferred"]}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959517", "tags": ["x_transferred"]}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", "tags": ["x_transferred"]}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959195", "tags": ["x_transferred"]}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961717", "tags": ["x_transferred"]}, {"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041", "tags": ["x_transferred"]}, {"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960194", "tags": ["x_transferred"]}, {"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes", "tags": ["x_transferred"]}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959453", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20150619-0001/", "tags": ["x_transferred"]}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959111", "tags": ["x_transferred"]}, {"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960418", "tags": ["x_transferred"]}, {"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", "tags": ["x_transferred"]}, {"url": "https://www.suse.com/security/cve/CVE-2015-4000.html", "tags": ["x_transferred"]}, {"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", "tags": ["x_transferred"]}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655", "tags": ["x_transferred"]}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722", "tags": ["x_transferred"]}, {"url": "http://support.citrix.com/article/CTX201114", "tags": ["x_transferred"]}, {"url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery", "tags": ["x_transferred"]}, {"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960380", "tags": ["x_transferred"]}, {"url": "http://support.apple.com/kb/HT204942", "tags": ["x_transferred"]}, {"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402", "tags": ["x_transferred"]}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083", "tags": ["x_transferred"]}, {"url": "http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc", "tags": ["x_transferred"]}, {"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727", "tags": ["x_transferred"]}, {"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", "tags": ["x_transferred"]}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959530", "tags": ["x_transferred"]}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", "tags": ["x_transferred"]}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960191", "tags": ["x_transferred"]}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959636", "tags": ["x_transferred"]}, {"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839", "tags": ["x_transferred"]}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", "tags": ["x_transferred"]}, {"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", "tags": ["x_transferred"]}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", "tags": ["x_transferred"]}, {"url": "https://puppet.com/security/cve/CVE-2015-4000", "tags": ["x_transferred"]}, {"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-70.html", "tags": ["x_transferred"]}, {"url": "http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm", "tags": ["x_transferred"]}, {"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", "tags": ["x_transferred"]}, {"url": "https://support.citrix.com/article/CTX216642", "tags": ["x_transferred"]}, {"url": "https://weakdh.org/", "tags": ["x_transferred"]}, {"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", "tags": ["x_transferred"]}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959481", "tags": ["x_transferred"]}, {"url": "https://bto.bluecoat.com/security-advisory/sa98", "tags": ["x_transferred"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1138554", "tags": ["x_transferred"]}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962455", "tags": ["x_transferred"]}, {"url": "https://www.openssl.org/news/secadv_20150611.txt", "tags": ["x_transferred"]}, {"url": "http://www.fortiguard.com/advisory/2015-05-20-logjam-attack", "tags": ["x_transferred"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "51F16DD0-B15A-4B29-B68A-D6ABA0BF9623", "versionEndIncluding": "1.0.1m", "versionStartIncluding": "1.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "86B99FE0-EFEF-4C34-9790-A14504D701C5", "versionEndIncluding": "1.0.2a", "versionStartIncluding": "1.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "C4D0AB50-9195-4B1B-BB76-00F0A34C9389", "versionEndIncluding": "1.0.1m", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*", "matchCriteriaId": "B64BBA96-FB3C-46AC-9A29-50EE02714FE9", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:content_manager:8.5:*:*:*:*:enterprise:*:*", "matchCriteriaId": "EB672C2E-8ABF-40CD-97DA-28D939DE4C63", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jrockit:r28.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "228C7B8D-18EE-444A-8067-6C222844FB8C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update95:*:*:*:*:*:*", "matchCriteriaId": "2755C397-75DF-4110-8C8A-05EFDFFF9BC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update75:*:*:*:*:*:*", "matchCriteriaId": "D084DBE9-BF2F-4A9B-8FDE-A9A608E6B40F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update80:*:*:*:*:*:*", "matchCriteriaId": "18FB6138-2B3D-4C4B-8647-3D1646165641", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update_33:*:*:*:*:*:*", "matchCriteriaId": "49B3533A-57B1-4EDA-9434-D75AE837F2C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update45:*:*:*:*:*:*", "matchCriteriaId": "914D54AC-EAAE-4A01-BA88-7F245BDA47C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update_95:*:*:*:*:*:*", "matchCriteriaId": "33DD9C2A-9C6E-407B-8110-2EC7906DE036", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update_75:*:*:*:*:*:*", "matchCriteriaId": "88FA3ACA-B2FC-4D9C-B67E-35272514FB84", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update_80:*:*:*:*:*:*", "matchCriteriaId": "17B87292-EDBB-4D5A-8874-7405F040FAA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update_33:*:*:*:*:*:*", "matchCriteriaId": "366E2702-633C-4D4C-ACF8-4CBEC66719F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update_45:*:*:*:*:*:*", "matchCriteriaId": "8CFE55B4-9A07-4E88-98AC-8345243AEF79", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*", "matchCriteriaId": "F1EB0F28-F23A-4969-8A3E-66DA2EFA40C3", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "D5BAC17C-EF31-4E94-9020-47B781AD94B3", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*", "matchCriteriaId": "DB2A1559-651C-46B0-B436-8E03DC8A60D2", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*", "matchCriteriaId": "9C649194-B8C2-49F7-A819-C635EE584ABF", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB31BE7C-CB6D-447E-AFF8-618998950FC5", "versionEndIncluding": "8.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "68566BD8-D5DD-4747-9C9A-59154400EBFA", "versionEndIncluding": "10.10.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:network_security_services:3.19:*:*:*:*:*:*:*", "matchCriteriaId": "C6809678-475F-4703-BC9E-31EC8CAD3A24", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:sparc-opl_service_processor:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AF02A45-1811-44F2-B3C9-90C11F5DF6DF", "versionEndIncluding": "1121", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*", "matchCriteriaId": "AFDA34B4-65B4-41A5-AC22-667C8D8FF4B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*", "matchCriteriaId": "39B565E1-C2F1-44FC-A517-E3130332B17C", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*", "matchCriteriaId": "C37BA825-679F-4257-9F2B-CE2318B75396", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*", "matchCriteriaId": "97D4FFCF-5309-43B6-9FD5-680C6D535A7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*", "matchCriteriaId": "4545786D-3129-4D92-B218-F4A92428ED48", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:39.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B692B58-6FB8-455F-86C0-35E0F216A736", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.8:*:*:*:*:*:*:*", "matchCriteriaId": "FA389FFB-2289-4BFB-90A1-0E7EC42FFCEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FE52B8E3-3BA8-46DB-948E-958739FE91B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:seamonkey:2.35:*:*:*:*:*:*:*", "matchCriteriaId": "DA79F816-D26E-4A0D-8CD8-994EBB42C822", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:31.8:*:*:*:*:*:*:*", "matchCriteriaId": "1C87BCC3-0315-4B3C-BFCD-1E218B475251", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:38.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C00748D-ECFC-4ACA-964B-92330FE7B0EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:mozilla:firefox_os:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "E50128DD-9997-49E6-A47E-6A0B7959B3AA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue."}, {"lang": "es", "value": "El protocolo TLS 1.2 y anteriores, cuando una suite de cifrado DHE_EXPORT est\u00e1 habilitada en un servidor pero no en un cliente, no transporta una elecci\u00f3n DHE_EXPORT, lo que permite a atacantes man-in-the-middle realizar ataques de degradaci\u00f3n del cifrado mediante la rescritura de un ClientHello con DHE remplazado por DHE_EXPORT y posteriormente la rescritura de un ServerHello con DHE_EXPORT remplazado por DHE, tambi\u00e9n conocido como el problema 'Logjam'."}], "id": "CVE-2015-4000", "lastModified": "2023-02-09T16:15:28.840", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2015-05-21T00:59:00.087", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=143506486712441&w=2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=143557934009303&w=2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=143558092609708&w=2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=143628304012255&w=2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=143637549705650&w=2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=143655800220052&w=2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=143880121627664&w=2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=144043644216842&w=2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=144050121701297&w=2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=144060576831314&w=2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=144060606031437&w=2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=144061542602287&w=2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=144069189622016&w=2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=144102017024820&w=2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=144104533800819&w=2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=144493176821532&w=2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=145409266329539&w=2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2015/05/20/8"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1072.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1185.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1197.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1228.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1229.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1230.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1241.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1242.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1243.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1485.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1486.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1488.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1526.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1544.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1604.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1624.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT204941"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT204942"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://support.citrix.com/article/CTX201114"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959111"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959195"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959325"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959453"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959481"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959517"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959530"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959539"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959636"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959812"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960191"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961717"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962455"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962739"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21958984"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21959132"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960194"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960380"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960418"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21962816"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21967893"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3287"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3300"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3316"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3324"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3339"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3688"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.fortiguard.com/advisory/2015-05-20-logjam-attack"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-70.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/74733"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/91787"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032474"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032475"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032476"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032637"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032645"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032647"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032648"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032649"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032650"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032651"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032652"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032653"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032654"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032655"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032656"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032688"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032699"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032702"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032727"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032759"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032777"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032778"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032783"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032784"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032856"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032864"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032865"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032871"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032884"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032910"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032932"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032960"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1033019"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1033064"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1033065"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1033067"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1033208"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1033209"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1033210"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1033222"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1033341"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1033385"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1033416"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1033430"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1033433"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1033513"}, {"source": "cve@mitre.org", "tags": ["VDB Entry", "Third Party Advisory"], "url": "http://www.securitytracker.com/id/1033760"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1033891"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1033991"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1034087"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1034728"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1034884"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1036218"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040630"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2656-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2656-2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2673-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2696-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2706-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://bto.bluecoat.com/security-advisory/sa98"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1138554"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10122"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://openssl.org/news/secadv/20150611.txt"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://puppet.com/security/cve/CVE-2015-4000"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201506-02"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201512-10"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201603-11"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201701-46"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20150619-0001/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.citrix.com/article/CTX216642"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://weakdh.org/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://weakdh.org/imperfect-forward-secrecy.pdf"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21959745"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.openssl.org/news/secadv_20150611.txt"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.suse.com/security/cve/CVE-2015-4000.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2015:1242", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:5", "package": "java-1.7.0-oracle-1:1.7.0.85-1jpp.1.el5_11", "product_name": "Oracle Java for Red Hat Enterprise Linux 5", "release_date": "2015-07-17T00:00:00Z"}, {"advisory": "RHSA-2015:1243", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:5", "package": "java-1.6.0-sun-1:1.6.0.101-1jpp.1.el5_11", "product_name": "Oracle Java for Red Hat Enterprise Linux 5", "release_date": "2015-07-17T00:00:00Z"}, {"advisory": "RHSA-2015:1241", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6", "package": "java-1.8.0-oracle-1:1.8.0.51-1jpp.2.el6_6", "product_name": "Oracle Java for Red Hat Enterprise Linux 6", "release_date": "2015-07-17T00:00:00Z"}, {"advisory": "RHSA-2015:1242", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6", "package": "java-1.7.0-oracle-1:1.7.0.85-1jpp.2.el6_6", "product_name": "Oracle Java for Red Hat Enterprise Linux 6", "release_date": "2015-07-17T00:00:00Z"}, {"advisory": "RHSA-2015:1243", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6", "package": "java-1.6.0-sun-1:1.6.0.101-1jpp.1.el6_6", "product_name": "Oracle Java for Red Hat Enterprise Linux 6", "release_date": "2015-07-17T00:00:00Z"}, {"advisory": "RHSA-2015:1241", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7", "package": "java-1.8.0-oracle-1:1.8.0.51-1jpp.2.el7_1", "product_name": "Oracle Java for Red Hat Enterprise Linux 7", "release_date": "2015-07-17T00:00:00Z"}, {"advisory": "RHSA-2015:1242", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7", "package": "java-1.7.0-oracle-1:1.7.0.85-1jpp.2.el7_1", "product_name": "Oracle Java for Red Hat Enterprise Linux 7", "release_date": "2015-07-17T00:00:00Z"}, {"advisory": "RHSA-2015:1243", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7", "package": "java-1.6.0-sun-1:1.6.0.101-1jpp.1.el7_1", "product_name": "Oracle Java for Red Hat Enterprise Linux 7", "release_date": "2015-07-17T00:00:00Z"}, {"advisory": "RHSA-2015:1197", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "openssl-0:0.9.8e-36.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2015-06-30T00:00:00Z"}, {"advisory": "RHSA-2015:1230", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "java-1.7.0-openjdk-1:1.7.0.85-2.6.1.3.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2015-07-15T00:00:00Z"}, {"advisory": "RHSA-2015:1526", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2015-07-30T00:00:00Z"}, {"advisory": "RHSA-2015:1486", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el5", "product_name": "Red Hat Enterprise Linux 5 Supplementary", "release_date": "2015-07-22T00:00:00Z"}, {"advisory": "RHSA-2015:1488", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.7.0-ibm-1:1.7.0.9.10-1jpp.2.el5", "product_name": "Red Hat Enterprise Linux 5 Supplementary", "release_date": "2015-07-23T00:00:00Z"}, {"advisory": "RHSA-2015:1544", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.5.0-ibm-1:1.5.0.16.13-1jpp.3.el5", "product_name": "Red Hat Enterprise Linux 5 Supplementary", "release_date": "2015-08-04T00:00:00Z"}, {"advisory": "RHSA-2015:1072", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "openssl-0:1.0.1e-30.el6_6.9", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-06-04T00:00:00Z"}, {"advisory": "RHSA-2015:1185", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "nss-0:3.19.1-3.el6_6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-06-25T00:00:00Z"}, {"advisory": "RHSA-2015:1185", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "nss-util-0:3.19.1-1.el6_6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-06-25T00:00:00Z"}, {"advisory": "RHSA-2015:1228", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "java-1.8.0-openjdk-1:1.8.0.51-0.b16.el6_6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-07-15T00:00:00Z"}, {"advisory": "RHSA-2015:1229", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "java-1.7.0-openjdk-1:1.7.0.85-2.6.1.3.el6_6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-07-15T00:00:00Z"}, {"advisory": "RHSA-2015:1526", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el6_7", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-07-30T00:00:00Z"}, {"advisory": "RHSA-2015:1485", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.7.1-ibm-1:1.7.1.3.10-1jpp.3.el6_7", "product_name": "Red Hat Enterprise Linux 6 Supplementary", "release_date": "2015-07-22T00:00:00Z"}, {"advisory": "RHSA-2015:1486", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el6_7", "product_name": "Red Hat Enterprise Linux 6 Supplementary", "release_date": "2015-07-22T00:00:00Z"}, {"advisory": "RHSA-2015:1544", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.5.0-ibm-1:1.5.0.16.13-1jpp.3.el6_7", "product_name": "Red Hat Enterprise Linux 6 Supplementary", "release_date": "2015-08-04T00:00:00Z"}, {"advisory": "RHSA-2015:1072", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "openssl-1:1.0.1e-42.ael7b_1.6", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-06-04T00:00:00Z"}, {"advisory": "RHSA-2015:1185", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "nss-0:3.19.1-3.ael7b_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-06-25T00:00:00Z"}, {"advisory": "RHSA-2015:1185", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "nss-util-0:3.19.1-1.el7_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-06-25T00:00:00Z"}, {"advisory": "RHSA-2015:1228", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "java-1.8.0-openjdk-1:1.8.0.51-1.b16.el7_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-07-15T00:00:00Z"}, {"advisory": "RHSA-2015:1229", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "java-1.7.0-openjdk-1:1.7.0.85-2.6.1.2.el7_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-07-15T00:00:00Z"}, {"advisory": "RHSA-2015:1526", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el7_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-07-30T00:00:00Z"}, {"advisory": "RHSA-2016:2056", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.4", "package": "openssl", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4", "release_date": "2016-10-12T00:00:00Z"}, {"advisory": "RHSA-2016:1624", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.0", "product_name": "Red Hat JBoss Web Server 3.0", "release_date": "2016-08-17T00:00:00Z"}, {"advisory": "RHSA-2015:1604", "cpe": "cpe:/a:redhat:network_satellite:5.6::el5", "package": "java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el6_7", "product_name": "Red Hat Satellite 5.6", "release_date": "2015-08-12T00:00:00Z"}, {"advisory": "RHSA-2015:1604", "cpe": "cpe:/a:redhat:network_satellite:5.7::el6", "package": "java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el6_7", "product_name": "Red Hat Satellite 5.7", "release_date": "2015-08-12T00:00:00Z"}, {"advisory": "RHSA-2015:1485", "cpe": "cpe:/a:redhat:rhel_extras:7", "package": "java-1.7.1-ibm-1:1.7.1.3.10-1jpp.1.ael7b_1", "product_name": "Supplementary for Red Hat Enterprise Linux 7", "release_date": "2015-07-22T00:00:00Z"}], "bugzilla": {"description": "LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks", "id": "1223211", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223211"}, "csaw": true, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "status": "verified"}, "cvss3": {"cvss3_base_score": "3.7", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "status": "verified"}, "cwe": "CWE-327", "details": ["The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.", "A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic."], "name": "CVE-2015-4000", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Affected", "package_name": "nss", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "openssl097a", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "openssl098e", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "openssl098e", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Will not fix", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2", "fix_state": "Affected", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Web Server 2"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Affected", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Web Server 3"}], "public_date": "2015-05-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-4000\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4000\nhttps://access.redhat.com/articles/1456263\nhttps://weakdh.org/"], "statement": "This issue affects the version of openssl and nss libraries as shipped with Red Hat Enterprise Linux 4, 5, 6 and 7. More information about this flaw is available at: https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c4 and https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c5.\nRed Hat Enterprise Linux 4 is in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 4.", "threat_severity": "Moderate"}