CVE-2015-4000

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2015-4000
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2015-05-21 00:59:00 UTC
Updated2023-02-09 16:15:00 UTC
DescriptionThe TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

Risk And Classification

Problem Types: CWE-310

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Apple Iphone Os All All All All
Operating System Apple Mac Os X All All All All
Application Apple Safari All All All All
Application Apple Safari - All All All
Application Apple Safari All All All All
Operating System Canonical Ubuntu Linux 12.04 All All All
Operating System Canonical Ubuntu Linux 14.04 All All All
Operating System Canonical Ubuntu Linux 14.10 All All All
Operating System Canonical Ubuntu Linux 15.04 All All All
Operating System Canonical Ubuntu Linux 12.04 All All All
Operating System Canonical Ubuntu Linux 14.04 All All All
Operating System Canonical Ubuntu Linux 14.10 All All All
Operating System Canonical Ubuntu Linux 15.04 All All All
Operating System Debian Debian Linux 7.0 All All All
Operating System Debian Debian Linux 8.0 All All All
Operating System Debian Debian Linux 7.0 All All All
Operating System Debian Debian Linux 8.0 All All All
Application Google Chrome - All All All
Application Google Chrome - All All All
Operating System Hp Hp-ux b.11.31 All All All
Operating System Hp Hp-ux b.11.31 All All All
Application Ibm Content Manager 8.5 All All All
Application Ibm Content Manager 8.5 All All All
Application Microsoft Ie All All All All
Application Microsoft Ie All All All All
Application Microsoft Internet Explorer All All All All
Application Microsoft Internet Explorer - All All All
Application Mozilla Firefox All All All All
Application Mozilla Firefox - All All All
Application Mozilla Firefox 39.0 All All All
Application Mozilla Firefox All All All All
Application Mozilla Firefox 39.0 All All All
Application Mozilla Firefox Esr 31.8 All All All
Application Mozilla Firefox Esr 38.1.0 All All All
Application Mozilla Firefox Esr 31.8 All All All
Application Mozilla Firefox Esr 38.1.0 All All All
Operating System Mozilla Firefox Os 2.2 All All All
Operating System Mozilla Firefox Os 2.2 All All All
Application Mozilla Network Security Services 3.19 All All All
Application Mozilla Network Security Services 3.19 All All All
Application Mozilla Seamonkey 2.35 All All All
Application Mozilla Seamonkey 2.35 All All All
Application Mozilla Thunderbird 31.8 All All All
Application Mozilla Thunderbird 38.1 All All All
Application Mozilla Thunderbird 31.8 All All All
Application Mozilla Thunderbird 38.1 All All All
Application Openssl Openssl All All All All
Application Openssl Openssl All All All All
Application Opera Opera Browser - All All All
Application Opera Opera Browser - All All All
Application Oracle Jdk 1.6.0 update95 All All
Application Oracle Jdk 1.6.0 update_95 All All
Application Oracle Jdk 1.7.0 update75 All All
Application Oracle Jdk 1.7.0 update80 All All
Application Oracle Jdk 1.7.0 update_80 All All
Application Oracle Jdk 1.8.0 update45 All All
Application Oracle Jdk 1.8.0 update_33 All All
Application Oracle Jdk 1.6.0 update_95 All All
Application Oracle Jdk 1.7.0 update75 All All
Application Oracle Jdk 1.7.0 update_80 All All
Application Oracle Jdk 1.8.0 update45 All All
Application Oracle Jdk 1.8.0 update_33 All All
Application Oracle Jre 1.6.0 update_95 All All
Application Oracle Jre 1.7.0 update_75 All All
Application Oracle Jre 1.7.0 update_80 All All
Application Oracle Jre 1.8.0 update_33 All All
Application Oracle Jre 1.8.0 update_45 All All
Application Oracle Jre 1.6.0 update_95 All All
Application Oracle Jre 1.7.0 update_75 All All
Application Oracle Jre 1.7.0 update_80 All All
Application Oracle Jre 1.8.0 update_33 All All
Application Oracle Jre 1.8.0 update_45 All All
Application Oracle Jrockit r28.3.6 All All All
Application Oracle Jrockit r28.3.6 All All All
Application Oracle Sparc-opl Service Processor All All All All
Operating System Suse Linux Enterprise Desktop 12 All All All
Operating System Suse Linux Enterprise Desktop 12 All All All
Operating System Suse Linux Enterprise Server 11.0 sp4 All All
Operating System Suse Linux Enterprise Server 11.0 sp4 All All
Operating System Suse Linux Enterprise Software Development Kit 12 All All All
Operating System Suse Linux Enterprise Software Development Kit 12 All All All
Operating System Suse Suse Linux Enterprise Server 12 All All All
Operating System Suse Suse Linux Enterprise Server 12 All All All

References

ReferenceSourceLinkTags
HP Network Node Manager iTLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
IBM Tivoli Monitoring TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
[security-announce] SUSE-SU-2015:1320-1: important: Security update for SUSE lists.opensuse.org Mailing List, Third Party Advisory
IBM Tivoli Storage Manager FastBack for Workstations TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
Oracle Critical Patch Update Advisory - April 2016 CONFIRM www.oracle.com Patch, Third Party Advisory
IBM SPSS Analytic Server TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
[security-announce] openSUSE-SU-2015:1229-1: important: Security update SUSE lists.opensuse.org Mailing List, Third Party Advisory
HP IceWall TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
About the security content of OS X Yosemite v10.10.4 and Security Update 2015-005 - Apple Support CONFIRM support.apple.com Third Party Advisory
'[security bulletin] HPSBGN03404 rev.1 - HP Service Health Reporter, Remote Unauthorized Modification' - MARC HP marc.info Mailing List, Third Party Advisory
Red Hat Customer Portal REDHAT rhn.redhat.com Third Party Advisory
FortiGuard CONFIRM fortiguard.com Third Party Advisory
IBM Rational Quality Manager TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
'[security bulletin] HPSBGN03362 rev.1 - HP Discovery and Dependency Mapping Inventory (DDMI) with TL' - MARC HP marc.info Mailing List, Third Party Advisory
NetBSD-SA2015-008 NETBSD ftp.netbsd.org Mailing List, Third Party Advisory
'[security bulletin] HPSBMU03401 rev.1 - HP Operations Manager for UNIX and Linux, Remote Unauthorize' - MARC HP marc.info Mailing List, Third Party Advisory
Document Display | HPE Support Center CONFIRM h20564.www2.hpe.com Third Party Advisory
APPLE-SA-2015-06-30-1 iOS 8.4 APPLE lists.apple.com Mailing List, Third Party Advisory
[security-announce] SUSE-SU-2016:0224-1: important: Security update for SUSE lists.opensuse.org Mailing List, Third Party Advisory
'[security bulletin] HPSBGN03407 rev.1 - HP Operations Manager for Windows, Remote Unauthorized Modif' - MARC HP marc.info Mailing List, Third Party Advisory
IBM Rational ClearQuest TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
[security-announce] openSUSE-SU-2016:0255-1: important: Security update SUSE lists.opensuse.org Mailing List, Third Party Advisory
IBM Lotus Notes and Domino TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
[security-announce] openSUSE-SU-2015:1288-1: important: Security update SUSE lists.opensuse.org Mailing List, Third Party Advisory
Red Hat Customer Portal REDHAT rhn.redhat.com Third Party Advisory
Document Display | HPE Support Center CONFIRM h20564.www2.hpe.com Third Party Advisory
Official HP® Support HP h20564.www2.hp.com Third Party Advisory
IBM Flex System Manager SMIA Configuration Tool TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
IBM Rational Rhapsody Design Manager TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
Oracle Critical Patch Update - July 2016 CONFIRM www.oracle.com Patch, Third Party Advisory
IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM WebSphere MQ Telemetry (CVE-2015-4000) - United States CONFIRM www-304.ibm.com Third Party Advisory
'[security bulletin] HPSBGN03533 rev.1 - HP Enterprise Cloud Service Automation and Codar, Remote Una' - MARC HP marc.info Mailing List, Third Party Advisory
'[security bulletin] HPSBGN03361 rev.1 - HP UCMDB, HP UCMDB Configuration Manager, HP UCMDB Browser, ' - MARC HP marc.info Mailing List, Third Party Advisory
IBM Rational Software Architect TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
Debian -- Security Information -- DSA-3300-1 iceweasel DEBIAN www.debian.org Third Party Advisory
IBM WebSphere MQ Telemetry TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
IBM Security Bulletin:Vulnerability in Diffie-Hellman ciphers affects Rational Build Forge (CVE-2015-4000) - United States CONFIRM www-01.ibm.com Third Party Advisory
Juniper Networks - 2016-04 Security Bulletin: Junos Space: Multiple privilege escalation vulnerabilities in Junos Space (CVE-2016-1265) - Knowledge Base CONFIRM kb.juniper.net Third Party Advisory
'[security bulletin] HPSBGN03351 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent ru' - MARC HP marc.info Mailing List, Third Party Advisory
IBM Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2015-1788, CVE-2015-1791, CVE-2015-4000) - United States CONFIRM www-304.ibm.com Third Party Advisory
Oracle July 2016 Critical Patch Update Multiple Vulnerabilities BID www.securityfocus.com Third Party Advisory, VDB Entry
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM® WebSphere Real Time (CVE-2015-4000) CONFIRM www-01.ibm.com Third Party Advisory
HP integrated Lights Out (iLO) TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
Logjam, FREAK and Upcoming Changes in OpenSSL - OpenSSL Blog CONFIRM www.openssl.org Vendor Advisory
IBM Support CONFIRM www-947.ibm.com Third Party Advisory
Red Hat Customer Portal REDHAT rhn.redhat.com Third Party Advisory
IBM notice: The page you requested cannot be displayed CONFIRM www-304.ibm.com Third Party Advisory
Oracle Critical Patch Update - October 2015 CONFIRM www.oracle.com Third Party Advisory
IBM Rational ClearCase TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
IBM AIX Sendmail TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
Red Hat Customer Portal REDHAT rhn.redhat.com Third Party Advisory
OpenSSL: Multiple vulnerabilities (GLSA 201506-02) — Gentoo security GENTOO security.gentoo.org Third Party Advisory
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Security Network Protection (CVE-2015-4000) CONFIRM www-01.ibm.com Third Party Advisory
Debian -- Security Information -- DSA-3339-1 openjdk-6 DEBIAN www.debian.org Third Party Advisory
[SECURITY] Fedora 21 Update: nss-3.19.1-1.0.fc21 FEDORA lists.fedoraproject.org Mailing List, Third Party Advisory
Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware CONFIRM support.citrix.com Third Party Advisory
IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM® DB2® LUW (CVE-2015-4000) - United States CONFIRM www-304.ibm.com Third Party Advisory
CVE-2015-4000 - Citrix Security Advisory for DHE_EXPORT TLS Vulnerability CONFIRM support.citrix.com Third Party Advisory
Oracle Critical Patch Update - July 2015 CONFIRM www.oracle.com Third Party Advisory
HPE 支援文件 - HPE 支援中心 CONFIRM h20564.www2.hpe.com Third Party Advisory
openssl.org/news/secadv/20150611.txt CONFIRM openssl.org Vendor Advisory
Document Display | HPE Support Center CONFIRM h20566.www2.hpe.com Third Party Advisory
[security-announce] SUSE-SU-2015:1268-1: important: Security update for SUSE lists.opensuse.org Mailing List, Third Party Advisory
Red Hat Customer Portal REDHAT rhn.redhat.com Third Party Advisory
Document Display | HPE Support Center CONFIRM h20564.www2.hpe.com Third Party Advisory
IBM DB2 TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
USN-2656-2: Firefox vulnerabilities | Ubuntu UBUNTU www.ubuntu.com Third Party Advisory
'[security bulletin] HPSBGN03402 rev.2 - HP Performance Manager, Remote Disclosure of Information' - MARC HP marc.info Mailing List, Third Party Advisory
IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Tivoli Composite Application Manager for Transactions (CVE-2015-4000) - United States CONFIRM www-304.ibm.com Third Party Advisory
[security-announce] SUSE-SU-2015:1185-1: important: Security update for SUSE lists.opensuse.org Mailing List, Third Party Advisory
Document Display | HPE Support Center CONFIRM h20564.www2.hpe.com Third Party Advisory
[security-announce] openSUSE-SU-2016:0261-1: important: Security update SUSE lists.opensuse.org Mailing List, Third Party Advisory
IBM SPSS Modeler TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
[security-announce] openSUSE-SU-2015:1266-1: important: Mozilla (Firefox SUSE lists.opensuse.org Mailing List, Third Party Advisory
RHSA-2016:2056 REDHAT rhn.redhat.com Third Party Advisory
[security-announce] SUSE-SU-2015:1183-1: important: Security update for SUSE lists.opensuse.org Mailing List, Third Party Advisory
aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc CONFIRM aix.software.ibm.com Third Party Advisory
Oracle Secure Global Desktop TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
openSUSE-SU-2016:0483-1: moderate: Security update for socat SUSE lists.opensuse.org Mailing List, Third Party Advisory
'[security bulletin] HPSBUX03363 rev.1 - HP-UX Apache Web Server running OpenSSL, Remote Disclosure o' - MARC HP marc.info Mailing List, Third Party Advisory
IBM WebSphere Application Server Community Edition TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005 APPLE lists.apple.com Mailing List, Third Party Advisory
IBM Tivoli Netcool System Service Monitor TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
Apache TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
[SECURITY] Fedora 22 Update: nss-3.19.1-1.0.fc22 FEDORA lists.fedoraproject.org Mailing List, Third Party Advisory
USN-2673-1: Thunderbird vulnerabilities | Ubuntu UBUNTU www.ubuntu.com Third Party Advisory
Red Hat Customer Portal REDHAT rhn.redhat.com Third Party Advisory
Red Hat Customer Portal REDHAT rhn.redhat.com Third Party Advisory
Lotus Quickr for WebSphere Portal TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, Bypass Security Restrictions, and Gain Elevated Privileges - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
'[security bulletin] HPSBGN03373 rev.1 - HP Release Control running TLS, Remote Disclosure of Informa' - MARC HP marc.info Mailing List, Third Party Advisory
IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Tivoli Monitoring (CVE-2015-4000) - United States CONFIRM www-01.ibm.com Third Party Advisory
IBM AIX TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
Red Hat Customer Portal REDHAT rhn.redhat.com Third Party Advisory
NSS 3.19.1 release notes - Mozilla | MDN CONFIRM developer.mozilla.org Third Party Advisory
Red Hat Customer Portal REDHAT rhn.redhat.com Third Party Advisory
IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Rational ClearCase (CVE-2015-4000) - United States CONFIRM www-01.ibm.com Third Party Advisory
Red Hat Customer Portal REDHAT rhn.redhat.com Third Party Advisory
Broadcom Support Portal CONFIRM bto.bluecoat.com Third Party Advisory
NSS accepts export-length DHE keys with regular DHE cipher suites — Mozilla CONFIRM www.mozilla.org Third Party Advisory
Weak Diffie-Hellman and the Logjam Attack MISC weakdh.org Third Party Advisory
IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Cognos Metrics Manager (CVE-2015-4000) - United States CONFIRM www-01.ibm.com Third Party Advisory
IBM The Diffie-Hellman vulnerability known as Logjam in Apache Tomcat may affect IBM WebSphere Application Server Community Edition (CVE-2015-4000) - United States CONFIRM www-01.ibm.com Third Party Advisory
IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects multiple IBM Rational products based on IBM Jazz technology (CVE-2015-4000) - United States CONFIRM www-01.ibm.com Third Party Advisory
[security-announce] SUSE-SU-2015:1269-1: important: Security update for SUSE lists.opensuse.org Mailing List, Third Party Advisory
'[security bulletin] HPSBGN03399 rev.1 - HP BSM Connector (BSMC), Remote Unauthorized Modification, D' - MARC HP marc.info Mailing List, Third Party Advisory
Apple OS X TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
'[security bulletin] HPSBUX03512 SSRT102254 rev.1 - HP-UX Web Server Suite running Apache, Remote Den' - MARC HP marc.info Mailing List, Third Party Advisory
[security-announce] SUSE-SU-2015:1143-1: important: Security update for SUSE lists.opensuse.org Mailing List, Third Party Advisory
Document Display | HPE Support Center CONFIRM h20564.www2.hpe.com Third Party Advisory
HP Release Control TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
Debian -- Security Information -- DSA-3688-1 nss DEBIAN www.debian.org Third Party Advisory
HPE Service Manager TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
'[security bulletin] HPSBGN03411 rev.1 - HP Operations Agent Virtual Appliance, Remote Unauthorized D' - MARC HP marc.info Mailing List, Third Party Advisory
'[security bulletin] HPSBUX03388 SSRT102180 rev.1 - HP-UX running OpenSSL, Remote Disclosure of Infor' - MARC HP marc.info Mailing List, Third Party Advisory
Document Display | HPE Support Center CONFIRM h20566.www2.hpe.com Third Party Advisory
Red Hat Customer Portal REDHAT rhn.redhat.com Third Party Advisory
Document Display | HPE Support Center CONFIRM support.hpe.com Third Party Advisory
[security-announce] SUSE-SU-2015:1319-1: important: Security update for SUSE lists.opensuse.org Mailing List, Third Party Advisory
Red Hat Customer Portal REDHAT rhn.redhat.com Third Party Advisory
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects FileNet Content Manager, IBM Content Foundation and FileNet BPM (CVE-2015-4000) CONFIRM www-01.ibm.com Third Party Advisory
HP Operations Manager for Linux and UNIX TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
Red Hat Customer Portal REDHAT rhn.redhat.com Third Party Advisory
USN-2696-1: OpenJDK 7 vulnerabilities | Ubuntu UBUNTU www.ubuntu.com Third Party Advisory
Debian -- Security Information -- DSA-3316-1 openjdk-7 DEBIAN www.debian.org Third Party Advisory
[security-announce] SUSE-SU-2015:1581-1: important: Security update for SUSE lists.opensuse.org Mailing List, Third Party Advisory
OpenSSL TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
Oracle Solaris Third Party Bulletin - July 2015 CONFIRM www.oracle.com Third Party Advisory
Oracle Communications Messaging Server TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
Document Display | HPE Support Center CONFIRM h20564.www2.hpe.com Third Party Advisory
IBM Tivoli Composite Application Manager TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
IBM Security Network Protection TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
'[security bulletin] HPSBGN03405 rev.1 - HP Integration Adaptor, Remote Unauthorized Modification, Di' - MARC HP marc.info Mailing List, Third Party Advisory
IBM Rational Build Forge TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Cognos Mobile app on Android (CVE-2015-4000) - United States CONFIRM www-01.ibm.com Third Party Advisory
NetBSD TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
About the security content of iOS 8.4 - Apple Support CONFIRM support.apple.com Third Party Advisory
StruxureWare Data Center Operation Software Vulnerability Fixes - User Assistance for StruxureWare Data Center Operation 8 - Help Center: Support for EcoStruxure IT, StruxureWare for Data Centers, and NetBotz CONFIRM help.ecostruxureit.com Third Party Advisory
HP Support document - HP Support Center CONFIRM h20564.www2.hpe.com Third Party Advisory
Red Hat Customer Portal REDHAT rhn.redhat.com Third Party Advisory
Mozilla Network Security Service (NSS): Multiple vulnerabilities (GLSA 201701-46) — Gentoo security GENTOO security.gentoo.org Third Party Advisory
Debian -- Security Information -- DSA-3324-1 icedove DEBIAN www.debian.org Third Party Advisory
IBM notice: The page you requested cannot be displayed CONFIRM www-01.ibm.com Third Party Advisory
Document Display | HPE Support Center CONFIRM h20566.www2.hpe.com Third Party Advisory
IBM WebSphere Real Time TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM WebSphere MQ Internet Passthru (CVE-2015-4000) CONFIRM www-304.ibm.com Third Party Advisory
www.openssl.org/news/secadv_20150611.txt CONFIRM www.openssl.org Vendor Advisory
HP Performance Manager TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
[security-announce] SUSE-SU-2015:1449-1: important: Security update for SUSE lists.opensuse.org Mailing List, Third Party Advisory
cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf CONFIRM cert-portal.siemens.com
Document Display | HPE Support Center CONFIRM h20566.www2.hpe.com Third Party Advisory
FortiGuard CONFIRM www.fortiguard.com Third Party Advisory
IBM WebSphere MQIPT TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
openSUSE-SU-2015:1684-1: moderate: Security update for apache2 SUSE lists.opensuse.org Mailing List, Third Party Advisory
HPE integrated Lights Out (iLO) TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
Juniper Junos TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
Document Display | HPE Support Center CONFIRM h20564.www2.hpe.com Third Party Advisory
HP Discovery & Dependency Mapping Inventory TLS RC4 Algorithm Lets Remote Users Decrypt Data - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
[security-announce] SUSE-SU-2015:1182-1: important: Security update for SUSE lists.opensuse.org Mailing List, Third Party Advisory
HP Operations Manager for Windows TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
CVE-2015-4000 Diffie-Hellman Export Cipher Suite vulnerability in Multiple NetApp Products | NetApp Product Security CONFIRM security.netapp.com Third Party Advisory
[security-announce] openSUSE-SU-2016:0226-1: important: Security update SUSE lists.opensuse.org Mailing List, Third Party Advisory
USN-2656-1: Firefox vulnerabilities | Ubuntu UBUNTU www.ubuntu.com Third Party Advisory
[security-announce] SUSE-SU-2015:1184-1: important: Security update for SUSE lists.opensuse.org Mailing List, Third Party Advisory
Logjam: the latest TLS vulnerability explained MISC blog.cloudflare.com Third Party Advisory
SSL/TLS LogJam Man in the Middle Security Bypass Vulnerability BID www.securityfocus.com Third Party Advisory, VDB Entry
Red Hat Customer Portal REDHAT rhn.redhat.com Third Party Advisory
Mozilla Products: Multiple vulnerabilities (GLSA 201512-10) — Gentoo Security GENTOO security.gentoo.org Third Party Advisory
2015-05 Out of Cycle Security Bulletin: "Logjam" passive attack on sub-1024 DH groups, and active downgrade attack of TLS to DHE_EXPORT (CVE-2015-4000) - Juniper Networks CONFIRM kb.juniper.net Third Party Advisory
IBM Infosphere Optim Query Workload Tuner for DB2 TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
[security-announce] openSUSE-SU-2015:1277-1: important: Security update SUSE lists.opensuse.org Mailing List, Third Party Advisory
[security-announce] openSUSE-SU-2015:1289-1: important: Security update SUSE lists.opensuse.org Mailing List, Third Party Advisory
[security-announce] SUSE-SU-2015:1177-1: important: Security update for SUSE lists.opensuse.org Mailing List, Third Party Advisory
[security-announce] SUSE-SU-2015:1150-1: important: Security update for SUSE lists.opensuse.org Mailing List, Third Party Advisory
Debian -- Security Information -- DSA-3287-1 openssl DEBIAN www.debian.org Third Party Advisory
IBM Cognos Mobile App TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
CVE-2015-4000 - Logjam TLS Vulnerability | Puppet CONFIRM puppet.com Third Party Advisory
IBM License Metric Tool TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Rational ClearQuest(CVE-2015-4000) CONFIRM www-304.ibm.com Third Party Advisory
[SECURITY] Fedora 20 Update: nss-3.19.1-1.0.fc20 FEDORA lists.fedoraproject.org Mailing List, Third Party Advisory
IBM InfoSphere Guardium TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
USN-2706-1: OpenJDK 6 vulnerabilities | Ubuntu UBUNTU www.ubuntu.com Third Party Advisory
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational Software Architect , Rational Software Architect for Websphere software and Rational Software Architect Real Time (CVE-2015-4000, CVE-2015-0488, CVE-2015-0478, CVE-2015-02 CONFIRM www-01.ibm.com Third Party Advisory
McAfee Firewall Enterprise TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
McAfee KnowledgeBase - Intel Security - Security Bulletin: Seven OpenSSL CVEs Announced on June 11, 2015 CONFIRM kc.mcafee.com Third Party Advisory
Red Hat Customer Portal REDHAT rhn.redhat.com Third Party Advisory
Oracle Java SE Multiple Flaws Lets Local and Remote Users Gain Elevated Privileges and Remote Users Partially Access Data, Modify Data, and Deny Service - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
IBM Rational Team Concert TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
[security-announce] SUSE-SU-2016:0262-1: important: Security update for SUSE lists.opensuse.org Mailing List, Third Party Advisory
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SPSS Modeler (CVE-2015-4000, CVE-2015-0478, CVE-2015-0488) CONFIRM www-304.ibm.com Third Party Advisory
[security-announce] SUSE-SU-2015:1181-1: important: Security update for SUSE lists.opensuse.org Mailing List, Third Party Advisory
[security-announce] SUSE-SU-2015:1663-1: important: Security update for SUSE lists.opensuse.org Mailing List, Third Party Advisory
Document Display | HPE Support Center CONFIRM h20564.www2.hpe.com Third Party Advisory
CVE-2015-4000 CONFIRM www.suse.com Third Party Advisory
'[security bulletin] HPSBMU03356 rev.1 - HP Business Service Automation Essentials (BSAE) running TLS' - MARC HP marc.info Mailing List, Third Party Advisory
openSUSE-SU-2016:0478-1: moderate: Security update for socat SUSE lists.opensuse.org Mailing List, Third Party Advisory
IBM FileNet Content Manager TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
'[security bulletin] HPSBMU03345 rev.1 - HP Network Node Manager i (NNMi) and Smart Plugins (iSPIs) f' - MARC HP marc.info Mailing List, Third Party Advisory
openSUSE-SU-2015:1209-1: moderate: Security update for mysql-community-s SUSE lists.opensuse.org Mailing List, Third Party Advisory
IBM Content Manager Enterprise Edition TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects Tivoli Storage Manager FastBack for Workstations (CVE-2015-4000) CONFIRM www-304.ibm.com Third Party Advisory
IBM Cognos Metrics Manager TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
Mozilla Thunderbird Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, and Bypass Security Restrictions - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
SolarWinds Storage Manager Release Notes CONFIRM www.solarwinds.com Third Party Advisory
IBM Rational Software Architect Design Manager TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
oss-security - CVE-2015-4000 - TLS does not properly convey server's ciphersuite choice MLIST openwall.com Mailing List, Third Party Advisory
Oracle Critical Patch Update Advisory - January 2021 MISC www.oracle.com
Oracle JRE/JDK: Multiple vulnerabilities (GLSA 201603-11) — Gentoo Security GENTOO security.gentoo.org Third Party Advisory
weakdh.org/imperfect-forward-secrecy.pdf MISC weakdh.org Third Party Advisory
IBM Security Bulletin: Vulnerability in Diffie-Helman ciphers affects IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis (CVE-2015-4000) - United States CONFIRM www-01.ibm.com Third Party Advisory
1138554 – (CVE-2015-4000) NSS accepts export-length DHE keys with regular DHE cipher suites ("Logjam") CONFIRM bugzilla.mozilla.org Issue Tracking, Third Party Advisory
Oracle Solaris Bulletin - January 2016 CONFIRM www.oracle.com Third Party Advisory
IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects Content Manager Enterprise Edition (CVE-2015-4000) - United States CONFIRM www-01.ibm.com Third Party Advisory
[security-announce] openSUSE-SU-2015:1139-1: important: Security update SUSE lists.opensuse.org Mailing List, Third Party Advisory
Oracle Critical Patch Update - January 2016 CONFIRM www.oracle.com Third Party Advisory
HP Project and Portfolio Management Center TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
Document Display | HPE Support Center CONFIRM h20566.www2.hpe.com Third Party Advisory
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 390226 Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2021-0011)
  • 390284 Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2023-0013)
  • 591280 Siemens SCALANCE X-200RNA Switch Devices Denial of Service (DoS) Multiple Vulnerabilities (ICSA-22-349-21, SSA-412672)
  • 671073 EulerOS Security Update for Open Secure Sockets Layer098e (OpenSSL098e) (EulerOS-SA-2019-2643)
  • 671109 EulerOS Security Update for Open Secure Sockets Layer098e (OpenSSL098e) (EulerOS-SA-2019-2509)
  • 710518 Gentoo Linux Mozilla Network Security Service (NSS) Multiple Vulnerabilities (GLSA 201701-46)
  • 753736 SUSE Enterprise Linux Security Update for nrpe (SUSE-SU-2023:0586-1)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report