CVE-2015-4000 in Oracle Enterprise Manager Ops Centerinfo

Summary

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

Reservation

05/15/2015

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
168223Oracle Enterprise Manager Ops Center User cryptographic issue310Not definedOfficial fixCVE-2015-4000
82675Oracle SPARC Enterprise Server XCP Firmware cryptographic issue310Not definedOfficial fixCVE-2015-4000
80581Oracle Secure Global Desktop OpenSSL cryptographic issue310Not definedOfficial fixCVE-2015-4000
78668Oracle Fujitsu M10-1/M10-4/M10-4S Servers XCP Firmware cryptographic issue310Not definedOfficial fixCVE-2015-4000
78627Oracle Communications Messaging Server cryptographic issue310Not definedOfficial fixCVE-2015-4000
75496TLS Protocol DHE_EXPORT Ciphersuite Logjam cryptographic issue310UnprovenWorkaroundCVE-2015-4000

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!