CVE-2015-4000

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2015-4000

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2015-4000.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2015-4000

Downstream

DEBIAN-CVE-2015-4000

DLA-247-1

DLA-303-1

DLA-507-1

DSA-3287-1

DSA-3300-1

DSA-3316-1

DSA-3324-1

DSA-3339-1

DSA-3688-1

RHSA-2015:1072

RHSA-2015:1185

RHSA-2015:1197

RHSA-2015:1228

RHSA-2015:1229

RHSA-2015:1230

RHSA-2015:1241

RHSA-2015:1242

RHSA-2015:1243

RHSA-2015:1485

RHSA-2015:1486

RHSA-2015:1488

RHSA-2015:1526

RHSA-2015:1544

RHSA-2015:1604

SUSE-FU-2022:0445-1

SUSE-RU-2015:0769-1

SUSE-SU-2015:0182-2

SUSE-SU-2015:0543-1

SUSE-SU-2015:0545-1

SUSE-SU-2015:0545-2

SUSE-SU-2015:0546-1

SUSE-SU-2015:0547-1

SUSE-SU-2015:0578-1

SUSE-SU-2015:0620-1

SUSE-SU-2015:0946-1

SUSE-SU-2015:1143-1

SUSE-SU-2015:1150-1

SUSE-SU-2015:1177-1

SUSE-SU-2015:1177-2

SUSE-SU-2015:1182-1

SUSE-SU-2015:1182-2

SUSE-SU-2015:1183-1

SUSE-SU-2015:1183-2

SUSE-SU-2015:1184-1

SUSE-SU-2015:1184-2

SUSE-SU-2015:1185-1

SUSE-SU-2015:1268-1

SUSE-SU-2015:1268-2

SUSE-SU-2015:1269-1

SUSE-SU-2015:1319-1

SUSE-SU-2015:1320-1

SUSE-SU-2015:1329-1

SUSE-SU-2015:1331-1

SUSE-SU-2015:1345-1

SUSE-SU-2015:1375-1

SUSE-SU-2015:1449-1

SUSE-SU-2015:1482-1

SUSE-SU-2015:1509-1

SUSE-SU-2015:1526-1

SUSE-SU-2015:1544-1

SUSE-SU-2015:1581-1

SUSE-SU-2015:1663-1

SUSE-SU-2015:1695-1

SUSE-SU-2015:1840-1

SUSE-SU-2015:1851-1

SUSE-SU-2016:0224-1

SUSE-SU-2016:0262-1

SUSE-SU-2016:0344-1

SUSE-SU-2016:1618-1

SUSE-SU-2016:2209-1

SUSE-SU-2016:2385-1

SUSE-SU-2018:1768-1

SUSE-SU-2023:0586-1

SUSE-SU-2023:4506-1

SUSE-SU-2023:4507-1

SUSE-SU-403

SUSE-SU-403 Forbidden-1

UBUNTU-CVE-2015-4000

USN-2656-1

USN-2673-1

USN-2696-1

openSUSE-SU-2024:10071-1

openSUSE-SU-2024:10197-1

openSUSE-SU-2024:10230-1

openSUSE-SU-2024:10268-1

openSUSE-SU-2024:10309-1

openSUSE-SU-2024:10371-1

openSUSE-SU-2024:10451-1

openSUSE-SU-2024:10534-1

openSUSE-SU-2024:14572-1

Related

Published

2015-05-21T00:59:00Z

Modified

2025-08-09T19:01:29Z

Severity

3.7 (Low) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

The TLS protocol 1.2 and earlier, when a DHEEXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHEEXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHEEXPORT and then rewriting a ServerHello with DHEEXPORT replaced by DHE, aka the "Logjam" issue.

References

Affected packages