CVE-2015-4000

Description

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

CVSS: 3.7
Severity: Low
EPSS: 94.03% (Top 5%)
Affected: n/a n/a

References

Link Tags
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html mailing list third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html mailing list third party advisory vendor advisory
http://marc.info/?l=bugtraq&m=143880121627664&w=2 mailing list third party advisory vendor advisory
http://rhn.redhat.com/errata/RHSA-2015-1243.html third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html mailing list third party advisory vendor advisory
http://www.securitytracker.com/id/1033208 vdb entry third party advisory
http://www.securitytracker.com/id/1032637 vdb entry third party advisory
http://marc.info/?l=bugtraq&m=144050121701297&w=2 mailing list third party advisory vendor advisory
http://www.debian.org/security/2016/dsa-3688 third party advisory vendor advisory
http://www.debian.org/security/2015/dsa-3287 third party advisory vendor advisory
http://marc.info/?l=bugtraq&m=144493176821532&w=2 mailing list third party advisory vendor advisory
http://www.securitytracker.com/id/1032865 vdb entry third party advisory
http://marc.info/?l=bugtraq&m=143557934009303&w=2 mailing list third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html mailing list third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html mailing list third party advisory vendor advisory
http://www.securitytracker.com/id/1034728 vdb entry third party advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html mailing list third party advisory vendor advisory
http://www.securitytracker.com/id/1032656 vdb entry third party advisory
http://rhn.redhat.com/errata/RHSA-2016-2056.html third party advisory vendor advisory
http://openwall.com/lists/oss-security/2015/05/20/8 third party advisory mailing list
http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html mailing list third party advisory vendor advisory
http://marc.info/?l=bugtraq&m=143628304012255&w=2 mailing list third party advisory vendor advisory
http://marc.info/?l=bugtraq&m=144060576831314&w=2 mailing list third party advisory vendor advisory
http://www.securitytracker.com/id/1032475 vdb entry third party advisory
http://www.securitytracker.com/id/1032960 vdb entry third party advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html mailing list third party advisory vendor advisory
http://www.securitytracker.com/id/1032653 vdb entry third party advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html mailing list third party advisory vendor advisory
http://www.securitytracker.com/id/1033385 vdb entry third party advisory
https://security.gentoo.org/glsa/201512-10 third party advisory vendor advisory
http://rhn.redhat.com/errata/RHSA-2015-1229.html third party advisory vendor advisory
http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html mailing list third party advisory vendor advisory
http://www.securitytracker.com/id/1032864 vdb entry third party advisory
http://www.securitytracker.com/id/1032910 vdb entry third party advisory
http://www.securitytracker.com/id/1032645 vdb entry third party advisory
http://www.ubuntu.com/usn/USN-2706-1 third party advisory vendor advisory
https://security.gentoo.org/glsa/201701-46 third party advisory vendor advisory
http://rhn.redhat.com/errata/RHSA-2015-1526.html third party advisory vendor advisory
http://www.securitytracker.com/id/1033760 vdb entry third party advisory
http://rhn.redhat.com/errata/RHSA-2015-1485.html third party advisory vendor advisory
http://rhn.redhat.com/errata/RHSA-2015-1197.html third party advisory vendor advisory
http://marc.info/?l=bugtraq&m=144104533800819&w=2 mailing list third party advisory vendor advisory
http://www.securitytracker.com/id/1032699 vdb entry third party advisory
http://www.securitytracker.com/id/1032476 vdb entry third party advisory
http://www.securitytracker.com/id/1032649 vdb entry third party advisory
http://marc.info/?l=bugtraq&m=144043644216842&w=2 mailing list third party advisory vendor advisory
http://marc.info/?l=bugtraq&m=143637549705650&w=2 mailing list third party advisory vendor advisory
http://rhn.redhat.com/errata/RHSA-2015-1544.html third party advisory vendor advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html mailing list third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html mailing list third party advisory vendor advisory
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196 third party advisory vendor advisory
http://www.securitytracker.com/id/1032688 vdb entry third party advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html mailing list third party advisory vendor advisory
http://www.securitytracker.com/id/1032652 vdb entry third party advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html mailing list third party advisory vendor advisory
http://rhn.redhat.com/errata/RHSA-2015-1185.html third party advisory vendor advisory
http://marc.info/?l=bugtraq&m=143558092609708&w=2 mailing list third party advisory vendor advisory
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html mailing list third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html mailing list third party advisory vendor advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html mailing list third party advisory vendor advisory
http://marc.info/?l=bugtraq&m=144069189622016&w=2 mailing list third party advisory vendor advisory
http://www.securitytracker.com/id/1032648 vdb entry third party advisory
http://www.securitytracker.com/id/1032759 vdb entry third party advisory
http://rhn.redhat.com/errata/RHSA-2015-1228.html third party advisory vendor advisory
http://marc.info/?l=bugtraq&m=144060606031437&w=2 mailing list third party advisory vendor advisory
http://www.debian.org/security/2015/dsa-3316 third party advisory vendor advisory
http://www.securitytracker.com/id/1033209 vdb entry third party advisory
http://www.securitytracker.com/id/1032871 vdb entry third party advisory
http://www.debian.org/security/2015/dsa-3324 third party advisory vendor advisory
http://www.securitytracker.com/id/1032655 vdb entry third party advisory
http://www.securitytracker.com/id/1033210 vdb entry third party advisory
http://marc.info/?l=bugtraq&m=144061542602287&w=2 mailing list third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html mailing list third party advisory vendor advisory
http://marc.info/?l=bugtraq&m=145409266329539&w=2 mailing list third party advisory vendor advisory
http://www.ubuntu.com/usn/USN-2673-1 third party advisory vendor advisory
http://www.securitytracker.com/id/1034884 vdb entry third party advisory
http://marc.info/?l=bugtraq&m=143506486712441&w=2 mailing list third party advisory vendor advisory
https://security.gentoo.org/glsa/201603-11 third party advisory vendor advisory
http://www.securitytracker.com/id/1033064 vdb entry third party advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html mailing list third party advisory vendor advisory
http://www.securitytracker.com/id/1032778 vdb entry third party advisory
http://www.securitytracker.com/id/1032474 vdb entry third party advisory
http://marc.info/?l=bugtraq&m=144102017024820&w=2 mailing list third party advisory vendor advisory
http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html mailing list third party advisory vendor advisory
http://www.securitytracker.com/id/1032784 vdb entry third party advisory
http://www.securitytracker.com/id/1032777 vdb entry third party advisory
http://www.securitytracker.com/id/1033416 vdb entry third party advisory
http://www.securitytracker.com/id/1033991 vdb entry third party advisory
http://www.securitytracker.com/id/1032647 vdb entry third party advisory
http://www.securitytracker.com/id/1032654 vdb entry third party advisory
http://www.securitytracker.com/id/1033341 vdb entry third party advisory
http://rhn.redhat.com/errata/RHSA-2015-1486.html third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html mailing list third party advisory vendor advisory
http://www.securitytracker.com/id/1033433 vdb entry third party advisory
http://www.ubuntu.com/usn/USN-2696-1 third party advisory vendor advisory
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html mailing list third party advisory vendor advisory
http://www.securitytracker.com/id/1032702 vdb entry third party advisory
http://www.debian.org/security/2015/dsa-3339 third party advisory vendor advisory
http://www.securitytracker.com/id/1032727 vdb entry third party advisory
http://rhn.redhat.com/errata/RHSA-2015-1242.html third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html mailing list third party advisory vendor advisory
https://security.gentoo.org/glsa/201506-02 third party advisory vendor advisory
http://www.securityfocus.com/bid/91787 vdb entry third party advisory
http://rhn.redhat.com/errata/RHSA-2016-1624.html third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html mailing list third party advisory vendor advisory
http://rhn.redhat.com/errata/RHSA-2015-1488.html third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html mailing list third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html mailing list third party advisory vendor advisory
http://www.securitytracker.com/id/1033430 vdb entry third party advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html mailing list third party advisory vendor advisory
http://rhn.redhat.com/errata/RHSA-2015-1241.html third party advisory vendor advisory
http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html mailing list third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html mailing list third party advisory vendor advisory
http://rhn.redhat.com/errata/RHSA-2015-1230.html third party advisory vendor advisory
http://www.securityfocus.com/bid/74733 vdb entry third party advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html mailing list third party advisory vendor advisory
http://www.securitytracker.com/id/1032651 vdb entry third party advisory
http://www.securitytracker.com/id/1033065 vdb entry third party advisory
http://www.ubuntu.com/usn/USN-2656-1 third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html mailing list third party advisory vendor advisory
http://www.securitytracker.com/id/1033222 vdb entry third party advisory
http://www.securitytracker.com/id/1036218 vdb entry third party advisory
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html mailing list third party advisory vendor advisory
http://marc.info/?l=bugtraq&m=143655800220052&w=2 mailing list third party advisory vendor advisory
http://www.securitytracker.com/id/1040630 vdb entry third party advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html mailing list third party advisory vendor advisory
http://www.securitytracker.com/id/1034087 vdb entry third party advisory
http://www.securitytracker.com/id/1033513 vdb entry third party advisory
http://www.securitytracker.com/id/1032884 vdb entry third party advisory
http://rhn.redhat.com/errata/RHSA-2015-1604.html third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html mailing list third party advisory vendor advisory
http://www.securitytracker.com/id/1032932 vdb entry third party advisory
http://www.securitytracker.com/id/1033891 vdb entry third party advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html mailing list third party advisory vendor advisory
http://www.securitytracker.com/id/1032783 vdb entry third party advisory
http://www.securitytracker.com/id/1032856 vdb entry third party advisory
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc mailing list third party advisory vendor advisory
http://www.debian.org/security/2015/dsa-3300 third party advisory vendor advisory
http://www.ubuntu.com/usn/USN-2656-2 third party advisory vendor advisory
http://www.securitytracker.com/id/1033067 vdb entry third party advisory
http://www.securitytracker.com/id/1033019 vdb entry third party advisory
http://rhn.redhat.com/errata/RHSA-2015-1072.html third party advisory vendor advisory
http://www.securitytracker.com/id/1032650 vdb entry third party advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html third party advisory patch
https://www.oracle.com/security-alerts/cpujan2021.html third party advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681 third party advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21962739 third party advisory
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403 third party advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929 third party advisory
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html third party advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10122 third party advisory
http://support.apple.com/kb/HT204941 third party advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21962816 third party advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959812 third party advisory
https://www-304.ibm.com/support/docview.wss?uid=swg21959745 third party advisory
https://weakdh.org/imperfect-forward-secrecy.pdf third party advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21959132 third party advisory
https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/ third party advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959539 third party advisory
https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/ vendor advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959325 third party advisory
https://openssl.org/news/secadv/20150611.txt vendor advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527 third party advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html third party advisory
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778 third party advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us third party advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190 third party advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21967893 third party advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21958984 third party advisory
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html third party advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959517 third party advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html third party advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959195 third party advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21961717 third party advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21960041 third party advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21960194 third party advisory
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes third party advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959453 third party advisory
https://security.netapp.com/advisory/ntap-20150619-0001/ third party advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959111 third party advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21960418 third party advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246 third party advisory
https://www.suse.com/security/cve/CVE-2015-4000.html third party advisory
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes third party advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655 third party advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722 third party advisory
http://support.citrix.com/article/CTX201114 third party advisory
http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery third party advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21960380 third party advisory
http://support.apple.com/kb/HT204942 third party advisory
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402 third party advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083 third party advisory
http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc third party advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 third party advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241 third party advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959530 third party advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html third party advisory patch
http://www-01.ibm.com/support/docview.wss?uid=swg21960191 third party advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959636 third party advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839 third party advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html third party advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140 third party advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763 third party advisory
https://puppet.com/security/cve/CVE-2015-4000 third party advisory
http://www.mozilla.org/security/announce/2015/mfsa2015-70.html third party advisory
http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm third party advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789 third party advisory
https://support.citrix.com/article/CTX216642 third party advisory
https://weakdh.org/ third party advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119 third party advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959481 third party advisory
https://bto.bluecoat.com/security-advisory/sa98 third party advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1138554 issue tracking third party advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21962455 third party advisory
https://www.openssl.org/news/secadv_20150611.txt vendor advisory
http://www.fortiguard.com/advisory/2015-05-20-logjam-attack third party advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf third party advisory

Frequently Asked Questions

What is the severity of CVE-2015-4000?
CVE-2015-4000 has been scored as a low severity vulnerability.

How to fix CVE-2015-4000?
To fix CVE-2015-4000, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. For now, no other specific guidelines are available.

Is CVE-2015-4000 being actively exploited in the wild?
Based on public information, it is possible that CVE-2015-4000 is being exploited or will be exploited in the near future. According to its EPSS score, there is a ~94% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.