Skip to main content

Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

UBUNTU-CVE-2015-4000

LOW3.7

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to co

Published May 20, 2015

Modified 1 years ago

Fix available

Details

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

Affected Packages

Ubuntu:14.04:LTSapache2

Affected versions:

2.4.6-2ubuntu22.4.6-2ubuntu32.4.6-2ubuntu42.4.7-1ubuntu12.4.7-1ubuntu22.4.7-1ubuntu32.4.7-1ubuntu42.4.7-1ubuntu4.1

Fixed in:

2.4.7-1ubuntu4.4

Ubuntu:14.04:LTSfirefox

Affected versions:

24.0+build1-0ubuntu125.0+build3-0ubuntu0.13.10.128.0+build1-0ubuntu128.0+build2-0ubuntu128.0+build2-0ubuntu228.0~b2+build1-0ubuntu229.0+build1-0ubuntu0.14.04.230.0+build1-0ubuntu0.14.04.331.0+build1-0ubuntu0.14.04.132.0+build1-0ubuntu0.14.04.1+12 more

Fixed in:

39.0+build5-0ubuntu0.14.04.1

Ubuntu:14.04:LTSnss

Affected versions:

2:3.15.1-1ubuntu12:3.15.2-12:3.15.3-12:3.15.3.1-12:3.15.3.1-1.12:3.15.3.1-1.1ubuntu12:3.15.4-1ubuntu32:3.15.4-1ubuntu42:3.15.4-1ubuntu52:3.15.4-1ubuntu6+6 more

Fixed in:

2:3.19.2-0ubuntu0.14.04.1

Ubuntu:16.04:LTSnss

Fixed in:

2:3.19.2-1ubuntu1

Ubuntu:14.04:LTSopenjdk-6

Affected versions:

6b27-1.12.6-1ubuntu26b27-1.12.7-2ubuntu16b29-1.13.0-1ubuntu26b30-1.13.1-1ubuntu16b30-1.13.1-1ubuntu26b30-1.13.2-1ubuntu16b31-1.13.3-1ubuntu16b32-1.13.4-4ubuntu0.14.04.16b33-1.13.5-1ubuntu0.14.046b34-1.13.6-1ubuntu0.14.04.1+1 more

Fixed in:

6b36-1.13.8-0ubuntu1~14.04

Ubuntu:14.04:LTSopenjdk-7

Affected versions:

7u25-2.3.12-4ubuntu37u25-2.3.12-4ubuntu57u45-2.4.3-3ubuntu17u45-2.4.3-3ubuntu27u45-2.4.3-4ubuntu17u45-2.4.3-4ubuntu27u51-2.4.4-1ubuntu17u51-2.4.5-1ubuntu17u51-2.4.6-1ubuntu37u51-2.4.6-1ubuntu4+8 more

Fixed in:

7u79-2.5.6-0ubuntu1.14.04.1

Ubuntu:14.04:LTSopenssl

Affected versions:

1.0.1e-3ubuntu11.0.1e-4ubuntu11.0.1e-4ubuntu21.0.1e-4ubuntu31.0.1e-4ubuntu41.0.1f-1ubuntu11.0.1f-1ubuntu21.0.1f-1ubuntu2.11.0.1f-1ubuntu2.111.0.1f-1ubuntu2.2+5 more

Fixed in:

1.0.1f-1ubuntu2.12

Ubuntu:14.04:LTSthunderbird

Affected versions:

1:24.0+build1-0ubuntu11:24.0+build1-0ubuntu21:24.1.1+build1-0ubuntu0.13.10.11:24.1.1+build1-0ubuntu11:24.2.0+build1-0ubuntu11:24.4.0+build1-0ubuntu11:24.5.0+build1-0ubuntu0.14.04.11:24.6.0+build1-0ubuntu0.14.04.11:31.0+build1-0ubuntu0.14.04.11:31.1.1+build1-0ubuntu0.14.04.1+7 more

Fixed in:

1:31.8.0+build1-0ubuntu0.14.04.1

References

REPORThttp://lists.gnutls.org/pipermail/gnutls-devel/2015-May/007597.html REPORThttps://access.redhat.com/articles/1456263 REPORThttps://nohats.ca/wordpress/blog/2015/05/20/weakdh-and-ike-ipsec/REPORThttps://ubuntu.com/security/CVE-2015-4000 REPORThttps://ubuntu.com/security/notices/USN-2624-1 REPORThttps://ubuntu.com/security/notices/USN-2625-1 REPORThttps://ubuntu.com/security/notices/USN-2639-1 REPORThttps://ubuntu.com/security/notices/USN-2656-1 REPORThttps://ubuntu.com/security/notices/USN-2656-2 REPORThttps://ubuntu.com/security/notices/USN-2673-1 REPORThttps://ubuntu.com/security/notices/USN-2696-1 REPORThttps://ubuntu.com/security/notices/USN-2706-1 REPORThttps://weakdh.org/REPORThttps://weakdh.org/imperfect-forward-secrecy.pdf REPORThttps://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/LogJam REPORThttps://www.cve.org/CVERecord?id=CVE-2015-4000 REPORThttps://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/

CVSS Analysis

CVSS v3.0

3.7

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

HighAC:H

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

LowI:L

Availability

NoneA:N

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Related

CVE-2015-4000 USN-2624-1 USN-2625-1 USN-2639-1 USN-2656-1 USN-2656-2 USN-2673-1 USN-2696-1 USN-2706-1

Ecosystems

Ubuntu 14.04 LTS Ubuntu 16.04 LTS

Timeline

PublishedMay 20, 2015

ModifiedJan 13, 2025

UBUNTU-CVE-2015-4000 | Mondoo Vulnerability Intelligence