CVE-2015-4000

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 20-05-2015 02:00

Last modified: - 20-05-2015 02:00

Total changes: - 216

Description

CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks

Common Vulnerability Scoring System (CVSS)

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

High

Attack complexity

Network

Attack vector

None

Availability

None

Confidentiality

Low

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

3.7

Base score

Exploitability score

Impact score

Verification logic

AND

product=java-1.7.0-oracle-1 AND versionEndExcluding=1.7.0.85-1jpp.1.el5_11

vendor=Red Hat Enterprise Linux AND product=rhel_extras_oracle_java AND version=5

AND

product=java-1.6.0-sun-1 AND versionEndExcluding=1.6.0.101-1jpp.1.el5_11

vendor=Red Hat Enterprise Linux AND product=rhel_extras_oracle_java AND version=5

AND

product=java-1.8.0-oracle-1 AND versionEndExcluding=1.8.0.51-1jpp.2.el6_6

vendor=Red Hat Enterprise Linux AND product=rhel_extras_oracle_java AND version=6

AND

product=java-1.7.0-oracle-1 AND versionEndExcluding=1.7.0.85-1jpp.2.el6_6

vendor=Red Hat Enterprise Linux AND product=rhel_extras_oracle_java AND version=6

AND

product=java-1.6.0-sun-1 AND versionEndExcluding=1.6.0.101-1jpp.1.el6_6

vendor=Red Hat Enterprise Linux AND product=rhel_extras_oracle_java AND version=6

AND

product=java-1.8.0-oracle-1 AND versionEndExcluding=1.8.0.51-1jpp.2.el7_1

vendor=Red Hat Enterprise Linux AND product=rhel_extras_oracle_java AND version=7

AND

product=java-1.7.0-oracle-1 AND versionEndExcluding=1.7.0.85-1jpp.2.el7_1

vendor=Red Hat Enterprise Linux AND product=rhel_extras_oracle_java AND version=7

AND

product=java-1.6.0-sun-1 AND versionEndExcluding=1.6.0.101-1jpp.1.el7_1

vendor=Red Hat Enterprise Linux AND product=rhel_extras_oracle_java AND version=7

AND

product=openssl-0 AND versionEndExcluding=0.9.8e-36.el5_11

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=5

AND

product=java-1.7.0-openjdk-1 AND versionEndExcluding=1.7.0.85-2.6.1.3.el5_11

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=5

AND

product=java-1.6.0-openjdk-1 AND versionEndExcluding=1.6.0.36-1.13.8.1.el5_11

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=5

AND

product=java-1.6.0-ibm-1 AND versionEndExcluding=1.6.0.16.7-1jpp.1.el5

vendor=Red Hat Enterprise Linux AND product=rhel_extras AND version=5

AND

product=java-1.7.0-ibm-1 AND versionEndExcluding=1.7.0.9.10-1jpp.2.el5

vendor=Red Hat Enterprise Linux AND product=rhel_extras AND version=5

AND

product=java-1.5.0-ibm-1 AND versionEndExcluding=1.5.0.16.13-1jpp.3.el5

vendor=Red Hat Enterprise Linux AND product=rhel_extras AND version=5

AND

product=openssl-0 AND versionEndExcluding=1.0.1e-30.el6_6.9

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=6

AND

product=nss-0 AND versionEndExcluding=3.19.1-3.el6_6

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=6

AND

product=nss-util-0 AND versionEndExcluding=3.19.1-1.el6_6

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=6

AND

product=java-1.8.0-openjdk-1 AND versionEndExcluding=1.8.0.51-0.b16.el6_6

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=6

AND

product=java-1.7.0-openjdk-1 AND versionEndExcluding=1.7.0.85-2.6.1.3.el6_6

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=6

AND

product=java-1.6.0-openjdk-1 AND versionEndExcluding=1.6.0.36-1.13.8.1.el6_7

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=6

AND

product=java-1.7.1-ibm-1 AND versionEndExcluding=1.7.1.3.10-1jpp.3.el6_7

vendor=Red Hat Enterprise Linux AND product=rhel_extras AND version=6

AND

product=java-1.6.0-ibm-1 AND versionEndExcluding=1.6.0.16.7-1jpp.1.el6_7

vendor=Red Hat Enterprise Linux AND product=rhel_extras AND version=6

AND

product=java-1.5.0-ibm-1 AND versionEndExcluding=1.5.0.16.13-1jpp.3.el6_7

vendor=Red Hat Enterprise Linux AND product=rhel_extras AND version=6

AND

product=openssl-1 AND versionEndExcluding=1.0.1e-42.el7_1.6

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=7

AND

product=nss-0 AND versionEndExcluding=3.19.1-3.el7_1

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=7

AND

product=nss-util-0 AND versionEndExcluding=3.19.1-1.el7_1

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=7

AND

product=java-1.8.0-openjdk-1 AND versionEndExcluding=1.8.0.51-1.b16.ael7b_1

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=7

AND

product=java-1.7.0-openjdk-1 AND versionEndExcluding=1.7.0.85-2.6.1.2.ael7b_1

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=7

AND

product=java-1.6.0-openjdk-1 AND versionEndExcluding=1.6.0.36-1.13.8.1.el7_1

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=7

AND

product=openssl

vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=6.4

AND

product=java-1.6.0-ibm-1 AND versionEndExcluding=1.6.0.16.7-1jpp.1.el6_7

vendor=Red Hat Enterprise Linux AND product=network_satellite AND version=5.6

AND

product=java-1.6.0-ibm-1 AND versionEndExcluding=1.6.0.16.7-1jpp.1.el6_7

vendor=Red Hat Enterprise Linux AND product=network_satellite AND version=5.7

AND

product=java-1.7.1-ibm-1 AND versionEndExcluding=1.7.1.3.10-1jpp.1.el7_1

vendor=Red Hat Enterprise Linux AND product=rhel_extras AND version=7

AND

product=openssl097a AND version=

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=5

AND

product=openssl098e AND version=

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=6

AND

product=openssl098e AND version=

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=7

AND

product=openssl AND version=

vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=1

AND

product=openssl AND version=

vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2

AND

product=openssl AND version=

vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=3

Reference

Keywords

CVE-2015-4000

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

REDHAT

CVE-2015-4000

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures