CVE-2015-4000
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected products
n/a · n/a
References
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html
http://marc.info/?l=bugtraq&m=143880121627664&w=2
http://rhn.redhat.com/errata/RHSA-2015-1243.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html
http://www.securitytracker.com/id/1033208
http://www.securitytracker.com/id/1032637
http://marc.info/?l=bugtraq&m=144050121701297&w=2
http://www.debian.org/security/2016/dsa-3688
http://www.debian.org/security/2015/dsa-3287
http://marc.info/?l=bugtraq&m=144493176821532&w=2
http://www.securitytracker.com/id/1032865