CVE-2015-4000
CVSS v3.0
3.7 (Low)
CVSS v2.0
4.3 (Medium)
EPSS
97.36 % (100th)
Affected Products
25
Advisories
95
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
- CVE Status
- PUBLISHED
- CNA
- MITRE
- Published Date
-
2015-05-21 00:59:00
(9 years ago) - Updated Date
-
2023-02-09 16:15:28
(19 months ago)
Affected Products
Loading...
Loading...
Configuration #1
AND |
|
---|
Configuration #2
AND |
|
---|
Configuration #3
AND |
|
---|
Configuration #4
AND |
|
---|
Configuration #5
AND |
|
---|
Configuration #6
AND |
|
---|
Configuration #7
AND |
|
---|
Configuration #8
AND |
|
---|
Configuration #9
AND |
|
---|
Configuration #10
AND |
|
---|
Configuration #11
AND |
|
---|
Configuration #12
AND |
|
---|
Configuration #13
AND |
|
---|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...