Vulnerability Database

CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

  • Published: May 21, 2015
  • Updated: Apr 13, 2023
  • CVE: CVE-2015-4000
  • Severity: Low
  • Exploit:

CVSS v3:

  • Severity: Low
  • Score: 3.7
  • AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

Software                                          From             Fixed in
openssl / openssl                                 1.0.1            1.0.1m.x
openssl / openssl                                 1.0.2            1.0.2a.x
canonical / ubuntu_linux                          12.04            12.04.x
canonical / ubuntu_linux                          14.10            14.10.x
canonical / ubuntu_linux                          14.04            14.04.x
canonical / ubuntu_linux                          15.04            15.04.x
openssl / openssl                                 -                1.0.1m.x
hp / hp-ux                                        b.11.31          b.11.31.x
ibm / content_manager                             8.5              8.5.x
oracle / jrockit                                  r28.3.6          r28.3.6.x
debian / debian_linux                             8.0              8.0.x
debian / debian_linux                             7.0              7.0.x
oracle / jdk                                      1.8.0-update_33  1.8.0-update_33.x
oracle / jre                                      1.7.0-update_75  1.7.0-update_75.x
oracle / jre                                      1.6.0-update_95  1.6.0-update_95.x
oracle / jre                                      1.8.0-update_45  1.8.0-update_45.x
oracle / jre                                      1.8.0-update_33  1.8.0-update_33.x
oracle / jre                                      1.7.0-update_80  1.7.0-update_80.x
oracle / jdk                                      1.8.0-update45   1.8.0-update45.x
oracle / jdk                                      1.7.0-update75   1.7.0-update75.x
oracle / jdk                                      1.6.0-update95   1.6.0-update95.x
oracle / jdk                                      1.7.0-update80   1.7.0-update80.x
suse / linux_enterprise_server                    11.0-sp4         11.0-sp4.x
suse / linux_enterprise_software_development_kit  12               12.x
suse / linux_enterprise_desktop                   12               12.x
suse / suse_linux_enterprise_server               12               12.x
apple / mac_os_x                                  -                10.10.3.x
apple / iphone_os                                 -                8.3.x
mozilla / network_security_services               3.19             3.19.x
oracle / sparc-opl_service_processor              -                1121.x
mozilla / firefox_esr                             38.1.0           38.1.0.x
mozilla / seamonkey                               2.35             2.35.x
mozilla / thunderbird                             38.1             38.1.x
mozilla / thunderbird                             31.8             31.8.x
mozilla / firefox_os                              2.2              2.2.x
mozilla / firefox                                 39.0             39.0.x
mozilla / firefox_esr                             31.8             31.8.x