Уязвимость CVE-2015-4000: Информация

Описание

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

Важность: LOW (3,7) Вектор: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2015-4000

Опубликовано: 21 мая 2015 г.

Изменено: 9 февраля 2023 г.

Идентификатор типа ошибки: CWE-310

Исправленные пакеты

Имя пакета	Ветка	Исправлено в версии	Версия в репозитории	Errata ID	№ Задания	Состояние
firefox-esr	sisyphus	38.1.1-alt1	115.11.0-alt1	ALT-PU-2015-1669-1	147316	Исправлено
firefox-esr	p10	38.1.1-alt1	115.11.0-alt1	ALT-PU-2015-1669-1	147316	Исправлено
firefox-esr	p9	38.1.1-alt1	102.11.0-alt0.c9.1	ALT-PU-2015-1669-1	147316	Исправлено
firefox-esr	c10f1	38.1.1-alt1	115.9.1-alt0.c10.1	ALT-PU-2015-1669-1	147316	Исправлено
firefox-esr	c9f2	38.1.1-alt1	102.12.0-alt0.c9.1	ALT-PU-2015-1669-1	147316	Исправлено
firefox-esr	p11	38.1.1-alt1	115.11.0-alt1	ALT-PU-2015-1669-1	147316	Исправлено
openssl10	p9	1.0.1k-alt3	1.0.2u-alt1.p9.2	ALT-PU-2015-1574-1	145469	Исправлено
openssl10	c9f2	1.0.1k-alt3	1.0.2u-alt1.p9.1	ALT-PU-2015-1574-1	145469	Исправлено
openssl10	c7	1.0.1r-alt0.M70C.1	1.0.1u-alt0.M70C.1	ALT-PU-2016-1072-1	156803	Исправлено
seamonkey	p9	2.38-alt2	2.53.14-alt1	ALT-PU-2015-1863-1	150583	Исправлено
seamonkey	c10f1	2.38-alt2	2.53.14-alt1	ALT-PU-2015-1863-1	150583	Исправлено
seamonkey	c9f2	2.38-alt2	2.53.14-alt1	ALT-PU-2015-1863-1	150583	Исправлено

Ссылки на рекомендации, решения и инструменты

Ссылка	Ресурс
https://weakdh.org/imperfect-forward-secrecy.pdf	Third Party Advisory
https://weakdh.org/	Third Party Advisory
https://www.suse.com/security/cve/CVE-2015-4000.html	Third Party Advisory
https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/	Third Party Advisory
https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/	Vendor Advisory
[oss-security] 20150520 CVE-2015-4000 - TLS does not properly convey server's ciphersuite choice	Mailing List Third Party Advisory
74733	Third Party Advisory VDB Entry
https://www.openssl.org/news/secadv_20150611.txt	Vendor Advisory
APPLE-SA-2015-06-30-2	Mailing List Third Party Advisory
APPLE-SA-2015-06-30-1	Mailing List Third Party Advisory
http://support.apple.com/kb/HT204941	Third Party Advisory
http://support.apple.com/kb/HT204942	Third Party Advisory
http://www.mozilla.org/security/announce/2015/mfsa2015-70.html	Third Party Advisory
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes	Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1138554	Issue Tracking Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html	Third Party Advisory
1033064	Third Party Advisory VDB Entry
http://www-01.ibm.com/support/docview.wss?uid=swg21962455	Third Party Advisory
DSA-3324	Third Party Advisory
SUSE-SU-2015:1269	Mailing List Third Party Advisory
USN-2673-1	Third Party Advisory
SUSE-SU-2015:1268	Mailing List Third Party Advisory
SSRT102180	Mailing List Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html	Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html	Patch Third Party Advisory
http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm	Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	Patch Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722	Third Party Advisory
91787	Third Party Advisory VDB Entry
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763	Third Party Advisory
HPSBGN03533	Mailing List Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527	Third Party Advisory
HPSBGN03399	Mailing List Third Party Advisory
HPSBGN03402	Mailing List Third Party Advisory
HPSBUX03512	Mailing List Third Party Advisory
HPSBUX03363	Mailing List Third Party Advisory
HPSBGN03411	Mailing List Third Party Advisory
HPSBGN03351	Mailing List Third Party Advisory
HPSBGN03361	Mailing List Third Party Advisory
HPSBMU03401	Mailing List Third Party Advisory
HPSBGN03405	Mailing List Third Party Advisory
HPSBGN03362	Mailing List Third Party Advisory
HPSBGN03373	Mailing List Third Party Advisory
HPSBMU03356	Mailing List Third Party Advisory
HPSBGN03407	Mailing List Third Party Advisory
HPSBMU03345	Mailing List Third Party Advisory
HPSBGN03404	Mailing List Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html	Third Party Advisory
http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery	Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727	Third Party Advisory
https://openssl.org/news/secadv/20150611.txt	Vendor Advisory
GLSA-201603-11	Third Party Advisory
openSUSE-SU-2016:0483	Mailing List Third Party Advisory
1034884	Third Party Advisory VDB Entry
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778	Third Party Advisory
openSUSE-SU-2016:0478	Mailing List Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929	Third Party Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21967893	Third Party Advisory
GLSA-201512-10	Third Party Advisory
SUSE-SU-2016:0224	Mailing List Third Party Advisory
openSUSE-SU-2016:0261	Mailing List Third Party Advisory
1034728	Third Party Advisory VDB Entry
1034087	Third Party Advisory VDB Entry
openSUSE-SU-2016:0226	Mailing List Third Party Advisory
1033991	Third Party Advisory VDB Entry
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839	Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789	Third Party Advisory
SUSE-SU-2016:0262	Mailing List Third Party Advisory
openSUSE-SU-2016:0255	Mailing List Third Party Advisory
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402	Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246	Third Party Advisory
openSUSE-SU-2015:1684	Mailing List Third Party Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21960041	Third Party Advisory
https://bto.bluecoat.com/security-advisory/sa98	Third Party Advisory
1033760	VDB Entry Third Party Advisory
SUSE-SU-2015:1663	Mailing List Third Party Advisory
GLSA-201506-02	Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119	Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190	Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959111	Third Party Advisory
1033513	Third Party Advisory VDB Entry
1033433	Third Party Advisory VDB Entry
1033430	Third Party Advisory VDB Entry
1033416	Third Party Advisory VDB Entry
1033385	Third Party Advisory VDB Entry
http://www.fortiguard.com/advisory/2015-05-20-logjam-attack	Third Party Advisory
http://support.citrix.com/article/CTX201114	Third Party Advisory
SUSE-SU-2015:1581	Mailing List Third Party Advisory
SUSE-SU-2015:1449	Mailing List Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241	Third Party Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21962816	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21962739	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21960191	Third Party Advisory
USN-2706-1	Third Party Advisory
USN-2696-1	Third Party Advisory
1033891	Third Party Advisory VDB Entry
1033341	Third Party Advisory VDB Entry
1033222	Third Party Advisory VDB Entry
1033210	Third Party Advisory VDB Entry
1033209	Third Party Advisory VDB Entry
1033208	Third Party Advisory VDB Entry
DSA-3339	Third Party Advisory
RHSA-2015:1526	Third Party Advisory
SUSE-SU-2015:1320	Mailing List Third Party Advisory
SUSE-SU-2015:1319	Mailing List Third Party Advisory
openSUSE-SU-2015:1289	Mailing List Third Party Advisory
openSUSE-SU-2015:1288	Mailing List Third Party Advisory
openSUSE-SU-2015:1277	Mailing List Third Party Advisory
openSUSE-SU-2015:1266	Mailing List Third Party Advisory
NetBSD-SA2015-008	Mailing List Third Party Advisory
http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc	Third Party Advisory
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403	Third Party Advisory
https://www-304.ibm.com/support/docview.wss?uid=swg21959745	Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10122	Third Party Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21960418	Third Party Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21960380	Third Party Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21960194	Third Party Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21959132	Third Party Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21958984	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21961717	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959812	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959636	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959539	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959530	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959517	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959481	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959453	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959325	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959195	Third Party Advisory
USN-2656-2	Third Party Advisory
USN-2656-1	Third Party Advisory
1032884	Third Party Advisory VDB Entry
1032871	Third Party Advisory VDB Entry
1032865	Third Party Advisory VDB Entry
1032864	Third Party Advisory VDB Entry
1032856	Third Party Advisory VDB Entry
1032784	Third Party Advisory VDB Entry
1032783	Third Party Advisory VDB Entry
1032778	Third Party Advisory VDB Entry
1032777	Third Party Advisory VDB Entry
1032759	Third Party Advisory VDB Entry
1032727	Third Party Advisory VDB Entry
1032702	Third Party Advisory VDB Entry
1032699	Third Party Advisory VDB Entry
1032688	Third Party Advisory VDB Entry
1032656	Third Party Advisory VDB Entry
1032655	Third Party Advisory VDB Entry
1032654	Third Party Advisory VDB Entry
1032653	Third Party Advisory VDB Entry
1032652	Third Party Advisory VDB Entry
1032651	Third Party Advisory VDB Entry
1032650	Third Party Advisory VDB Entry
1032649	Third Party Advisory VDB Entry
1032648	Third Party Advisory VDB Entry
1032647	Third Party Advisory VDB Entry
1032645	Third Party Advisory VDB Entry
1032637	Third Party Advisory VDB Entry
DSA-3300	Third Party Advisory
openSUSE-SU-2015:1209	Mailing List Third Party Advisory
openSUSE-SU-2015:1229	Mailing List Third Party Advisory
SUSE-SU-2015:1185	Mailing List Third Party Advisory
SUSE-SU-2015:1184	Mailing List Third Party Advisory
SUSE-SU-2015:1183	Mailing List Third Party Advisory
SUSE-SU-2015:1182	Mailing List Third Party Advisory
SUSE-SU-2015:1181	Mailing List Third Party Advisory
SUSE-SU-2015:1177	Mailing List Third Party Advisory
SUSE-SU-2015:1150	Mailing List Third Party Advisory
SUSE-SU-2015:1143	Mailing List Third Party Advisory
openSUSE-SU-2015:1139	Mailing List Third Party Advisory
1032476	Third Party Advisory VDB Entry
1032475	Third Party Advisory VDB Entry
1032474	Third Party Advisory VDB Entry
DSA-3287	Third Party Advisory
RHSA-2015:1197	Third Party Advisory
RHSA-2015:1072	Third Party Advisory
FEDORA-2015-9161	Mailing List Third Party Advisory
FEDORA-2015-9048	Mailing List Third Party Advisory
FEDORA-2015-9130	Mailing List Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681	Third Party Advisory
GLSA-201701-46	Third Party Advisory
1036218	Third Party Advisory VDB Entry
1033067	Third Party Advisory VDB Entry
1033065	Third Party Advisory VDB Entry
1033019	Third Party Advisory VDB Entry
1032960	Third Party Advisory VDB Entry
1032932	Third Party Advisory VDB Entry
1032910	Third Party Advisory VDB Entry
DSA-3688	Third Party Advisory
DSA-3316	Third Party Advisory
SSRT102112	Third Party Advisory
https://security.netapp.com/advisory/ntap-20150619-0001/	Third Party Advisory
https://support.citrix.com/article/CTX216642	Third Party Advisory
https://puppet.com/security/cve/CVE-2015-4000	Third Party Advisory
RHSA-2016:2056	Third Party Advisory
RHSA-2016:1624	Third Party Advisory
RHSA-2015:1604	Third Party Advisory
RHSA-2015:1544	Third Party Advisory
RHSA-2015:1488	Third Party Advisory
RHSA-2015:1486	Third Party Advisory
RHSA-2015:1485	Third Party Advisory
RHSA-2015:1243	Third Party Advisory
RHSA-2015:1242	Third Party Advisory
RHSA-2015:1241	Third Party Advisory
RHSA-2015:1230	Third Party Advisory
RHSA-2015:1229	Third Party Advisory
RHSA-2015:1228	Third Party Advisory
RHSA-2015:1185	Third Party Advisory
1040630	Third Party Advisory VDB Entry
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us	Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes	Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf	Third Party Advisory

Подверженные конфигурации:
1. Конфигурация 1
  cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
  Start including
  1.0.1
  End including
  1.0.1m
  cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
  Start including
  1.0.2
  End including
  1.0.2a
  
  Конфигурация 2
  cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
  
  Конфигурация 3
  cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
  cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*
  
  Конфигурация 4
  cpe:2.3:a:ibm:content_manager:8.5:*:*:*:*:enterprise:*:*
  
  Конфигурация 5
  cpe:2.3:a:oracle:jrockit:r28.3.6:*:*:*:*:*:*:*
  
  Конфигурация 6
  cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  
  Конфигурация 7
  cpe:2.3:a:oracle:jdk:1.8.0:update_33:*:*:*:*:*:*
  cpe:2.3:a:oracle:jre:1.7.0:update_75:*:*:*:*:*:*
  cpe:2.3:a:oracle:jre:1.6.0:update_95:*:*:*:*:*:*
  cpe:2.3:a:oracle:jre:1.8.0:update_45:*:*:*:*:*:*
  cpe:2.3:a:oracle:jre:1.8.0:update_33:*:*:*:*:*:*
  cpe:2.3:a:oracle:jre:1.7.0:update_80:*:*:*:*:*:*
  cpe:2.3:a:oracle:jdk:1.8.0:update45:*:*:*:*:*:*
  cpe:2.3:a:oracle:jdk:1.7.0:update75:*:*:*:*:*:*
  cpe:2.3:a:oracle:jdk:1.6.0:update95:*:*:*:*:*:*
  cpe:2.3:a:oracle:jdk:1.7.0:update80:*:*:*:*:*:*
  
  Конфигурация 8
  cpe:2.3:o:suse:linux_enterprise_server:11.0:sp4:*:*:*:*:*:*
  cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
  cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*
  cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*
  
  Конфигурация 9
  cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
  End including
  10.10.3
  cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
  End including
  8.3
  
  Конфигурация 10
  cpe:2.3:a:mozilla:network_security_services:3.19:*:*:*:*:*:*:*
  
  Конфигурация 11
  cpe:2.3:a:oracle:sparc-opl_service_processor:*:*:*:*:*:*:*:*
  End including
  1121
  
  Конфигурация 12
  cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*
  cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*
  cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*
  
  Конфигурация 13
  cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*
  cpe:2.3:a:mozilla:seamonkey:2.35:*:*:*:*:*:*:*
  cpe:2.3:a:mozilla:thunderbird:38.1:*:*:*:*:*:*:*
  cpe:2.3:a:mozilla:thunderbird:31.8:*:*:*:*:*:*:*
  cpe:2.3:o:mozilla:firefox_os:2.2:*:*:*:*:*:*:*
  cpe:2.3:a:mozilla:firefox:39.0:*:*:*:*:*:*:*
  cpe:2.3:a:mozilla:firefox_esr:31.8:*:*:*:*:*:*:*

Версия: v24.5.3

Наверх

Уязвимость CVE-2015-4000: Информация

Описание

Исправленные пакеты

Ссылки на рекомендации, решения и инструменты

Конфигурация 1

Конфигурация 2

Конфигурация 3

Конфигурация 4

Конфигурация 5

Конфигурация 6

Конфигурация 7

Конфигурация 8

Конфигурация 9

Конфигурация 10

Конфигурация 11

Конфигурация 12

Конфигурация 13