CVE-2015-4000

low Microsoft
CVSS v3 Base Score
3.7
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score
93.7%
Exploitation probability in 30 days
Top 0% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
Low
Availability
None
Published: May 21, 2015 (4012 days ago)
Last Modified: May 6, 2026
Vendor: Microsoft
Source: NVD

Description

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

CWE

CWE-310

Affected Products

openssl opensslcanonical ubuntu linuxhp hp-uxibm content manageroracle jrockitdebian debian linuxoracle jdkoracle jresuse linux enterprise desktopsuse linux enterprise server

References

🔗 aix.software.ibm.com 🔗 fortiguard.com 🔗 ftp.netbsd.org 🔗 h20564.www2.hpe.com 🔗 h20564.www2.hpe.com