Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2015-4000 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2015-4000

CVE-2015-4000

LOW3.7

The TLS protocol 1

Published May 21, 2015

Modified 1 years ago

Details

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

References(218)

http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc

http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc

http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402

http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727

http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html

http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html

CVSS Analysis

CVSS v3.0

3.7

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

HighAC:H

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

LowI:L

Availability

NoneA:N

3.7/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Ecosystems

Timeline

PublishedMay 21, 2015

ModifiedAug 6, 2024