VDB-75496 · CVE-2015-4000 · BID 74733

TLS Protocol up to 1.2 DHE_EXPORT Ciphersuite Logjam cryptographic issues

A vulnerability has been found in TLS Protocol up to 1.2 and classified as critical. This vulnerability affects an unknown functionality of the component DHE_EXPORT Ciphersuite. It is possible to mitigate the problem by applying the configuration setting . A possible mitigation has been published 2 weeks after the disclosure of the vulnerability. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 19886.

Field	05/21/2015 10:17 AM	05/03/2019 09:38 PM
name	TLS Protocol	TLS Protocol
version	<=1.2	<=1.2
component	DHE_EXPORT Ciphersuite	DHE_EXPORT Ciphersuite
affectedlist	Debian GNU/Linux	Debian GNU/Linux
cwe	310 (weak encryption)	310 (weak encryption)
risk	3	3
historic	1	1
cvss2_vuldb_basescore	5.1	5.1
cvss2_vuldb_tempscore	4.1	4.1
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	H	H
cvss2_vuldb_au	N	N
cvss2_vuldb_ci	P	P
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	P	P
cvss2_nvd_av	N	N
cvss2_nvd_ac	M	M
cvss2_nvd_au	N	N
cvss2_nvd_ci	N	N
cvss2_nvd_ii	P	P
cvss2_nvd_ai	N	N
cvss3_meta_basescore	3.7	3.7
cvss3_meta_tempscore	3.3	3.3
cvss3_vuldb_basescore	3.7	3.7
cvss3_vuldb_tempscore	3.3	3.3
cvss3_nvd_av	N	N
cvss3_nvd_ac	H	H
cvss3_nvd_pr	N	N
cvss3_nvd_ui	N	N
cvss3_nvd_s	U	U
cvss3_nvd_c	N	N
cvss3_nvd_i	L	L
cvss3_nvd_a	N	N
titleword	Logjam	Logjam
date	1432166400 (05/21/2015)	1432166400 (05/21/2015)
location	oss-sec	oss-sec
type	Mailinglist Post	Mailinglist Post
url	http://seclists.org/oss-sec/2015/q2/504	http://seclists.org/oss-sec/2015/q2/504
identifier	FG-IR-15-013 / CTX201114	FG-IR-15-013 / CTX201114
person_name	David Adrian/Karthikeyan Bhargavan/Zakir Durumeric/Pierrick Gaudry/Matthew Green/J. Alex Halderman/Nadia Heninger/Drew Springall/Emmanuel Thomé/Luke Valenta/Benjamin VanderSloot/Eric Wustrow/Santiago Zanella-Béguelink/Paul Zimmermann	David Adrian/Karthikeyan Bhargavan/Zakir Durumeric/Pierrick Gaudry/Matthew Green/J. Alex Halderman/Nadia Heninger/Drew Springall/Emmanuel Thomé/Luke Valenta/Benjamin VanderSloot/Eric Wustrow/Santiago Zanella-Béguelink/Paul Zimmermann
confirm_url	https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/	https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
price_0day	$25k-$100k	$25k-$100k
name	Config	Config
advisoryquote	We have three recommendations for correctly deploying Diffie-Hellman for TLS: 1. Disable Export Cipher Suites, 2. Deploy (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE), 3. Generate a Strong, Unique Diffie Hellman Group.	We have three recommendations for correctly deploying Diffie-Hellman for TLS: 1. Disable Export Cipher Suites, 2. Deploy (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE), 3. Generate a Strong, Unique Diffie Hellman Group.
cve	CVE-2015-4000	CVE-2015-4000
cve_assigned	1431648000	1431648000
cve_nvd_published	1432080000	1432080000
cve_nvd_summary	The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.	The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
oval_id	oval:org.mitre.oval:def:29252	oval:org.mitre.oval:def:29252
osvdb	122331	122331
securityfocus	74733	74733
securityfocus_date	1431993600 (05/19/2015)	1431993600 (05/19/2015)
securityfocus_class	Design Error	Design Error
securityfocus_title	SSL/TLS LogJam Man in the Middle Security Bypass Vulnerability	SSL/TLS LogJam Man in the Middle Security Bypass Vulnerability
vulnerabilitycenter	51701	51701
vulnerabilitycenter_title	TLS <=1.2 Remote Man-in-the Middle via Cipher-Downgrade Attacks (aka \	TLS <=1.2 Remote Man-in-the Middle via Cipher-Downgrade Attacks (aka \
vulnerabilitycenter_severity	Medium	Medium
vulnerabilitycenter_creationdate	1438473600	1438473600
vulnerabilitycenter_lastupdatedate	1546905600	1546905600
vulnerabilitycenter_reportingdate	1436313600	1436313600
xforce	103294	103294
xforce_title	TLS Diffie-Hellman Key Exchange information disclosure	TLS Diffie-Hellman Key Exchange information disclosure
xforce_identifier	tls-diffie-hellman-info-disc	tls-diffie-hellman-info-disc
heise	2657502	2657502
nessus_id	83937	83937
nessus_name	Fedora 21 : nss-3.19.1-1.0.fc21 / nss-softokn-3.19.1-1.0.fc21 / nss-util-3.19.1-1.0.fc21 (2015-9130) (Logjam)	Fedora 21 : nss-3.19.1-1.0.fc21 / nss-softokn-3.19.1-1.0.fc21 / nss-util-3.19.1-1.0.fc21 (2015-9130) (Logjam)
nessus_filename	ala_ALAS-2015-550.nasl	ala_ALAS-2015-550.nasl
nessus_risk	Medium	Medium
nessus_family	Fedora Local Security Checks	Fedora Local Security Checks
nessus_type	local	local
nessus_port	0	0
nessus_date	1433203200 (06/02/2015)	1433203200 (06/02/2015)
nessus_code	if (rpm_check(release:"ALA", reference:"openssl-1.0.1k-10.86.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"openssl-debuginfo-1.0.1k-10.86.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"openssl-devel-1.0.1k-10.86.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"openssl-perl-1.0.1k-10.86.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"openssl-static-1.0.1k-10.86.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); }	if (rpm_check(release:"ALA", reference:"openssl-1.0.1k-10.86.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"openssl-debuginfo-1.0.1k-10.86.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"openssl-devel-1.0.1k-10.86.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"openssl-perl-1.0.1k-10.86.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"openssl-static-1.0.1k-10.86.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); }
qualys_id	350152	350152
qualys_title	Amazon Linux Security Advisory for openssl: ALAS-2015-550	Amazon Linux Security Advisory for openssl: ALAS-2015-550
tippingpoint_id	19886	19886
fortigate_ips_id	40651	40651
videolink	https://youtu.be/87s1nkATfzk	https://youtu.be/87s1nkATfzk
misc	https://weakdh.org/imperfect-forward-secrecy.pdf	https://weakdh.org/imperfect-forward-secrecy.pdf
seealso	75951 78627 78668 80581 82675	75951 78627 78668 80581 82675
cvss2_vuldb_e	U	U
cvss2_vuldb_rl	W	W
cvss2_vuldb_rc	C	C
cvss3_vuldb_e	U	U
cvss3_vuldb_rl	W	W
cvss3_vuldb_rc	C	C
reaction_days	9	9
exposure_days	9	9
cvss3_nvd_basescore	3.7	3.7
cvss3_vuldb_av		N
cvss3_vuldb_ac		H
cvss3_vuldb_pr		N
cvss3_vuldb_ui		N
cvss3_vuldb_s		U
cvss3_vuldb_c		N
cvss3_vuldb_i		L
cvss3_vuldb_a		N
date		1432944000 (05/30/2015)
openvas_id		14611
openvas_filename		alas-2015-586.nasl
openvas_title		Amazon Linux Local Check: alas-2015-586
openvas_family		Amazon Linux Local Security Checks
mcafee_ips_id		SSL: OpenSSL Request For Export Grade Cipher Suite Detected
mcafee_ips_version		8.1.78.7

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!