Vulnerability Name:

CVE-2015-4000

Assigned:2015-05-15
Published:2015-05-20
Updated:2017-11-14
Summary:The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
CVSS v3 Severity:3.7 Low (CVSS v3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
3.7 Low (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
3.7 Low (REDHAT CVSS v3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-310
CWE-327
References:Source: CONFIRM
Type: UNKNOWN
http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc

Source: CONFIRM
Type: UNKNOWN
http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery

Source: NETBSD
Type: UNKNOWN
NetBSD-SA2015-008

Source: CONFIRM
Type: UNKNOWN
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402

Source: CONFIRM
Type: UNKNOWN
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778

Source: CONFIRM
Type: UNKNOWN
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681

Source: CONFIRM
Type: UNKNOWN
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727

Source: APPLE
Type: UNKNOWN
APPLE-SA-2015-06-30-1

Source: APPLE
Type: UNKNOWN
APPLE-SA-2015-06-30-2

Source: FEDORA
Type: UNKNOWN
FEDORA-2015-9130

Source: FEDORA
Type: UNKNOWN
FEDORA-2015-9048

Source: FEDORA
Type: UNKNOWN
FEDORA-2015-9161

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2015:1139

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:1143

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:1150

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:1177

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:1181

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:1182

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:1183

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:1184

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:1185

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2015:1229

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2015:1266

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:1268

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:1269

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2015:1277

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2015:1288

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2015:1289

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:1319

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:1320

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:1449

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:1581

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:1663

Source: SUSE
Type: UNKNOWN
SUSE-SU-2016:0224

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2016:0226

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2016:0255

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2016:0261

Source: SUSE
Type: UNKNOWN
SUSE-SU-2016:0262

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2015:1209

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2015:1684

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2016:0478

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2016:0483

Source: HP
Type: UNKNOWN
HPSBMU03356

Source: HP
Type: UNKNOWN
HPSBGN03351

Source: HP
Type: UNKNOWN
HPSBGN03362

Source: HP
Type: UNKNOWN
HPSBGN03361

Source: HP
Type: UNKNOWN
HPSBUX03363

Source: HP
Type: UNKNOWN
HPSBGN03373

Source: HP
Type: UNKNOWN
SSRT102180

Source: HP
Type: UNKNOWN
HPSBMU03345

Source: HP
Type: UNKNOWN
HPSBGN03404

Source: HP
Type: UNKNOWN
HPSBGN03399

Source: HP
Type: UNKNOWN
HPSBGN03405

Source: HP
Type: UNKNOWN
HPSBGN03411

Source: HP
Type: UNKNOWN
HPSBGN03402

Source: HP
Type: UNKNOWN
HPSBGN03407

Source: HP
Type: UNKNOWN
HPSBMU03401

Source: HP
Type: UNKNOWN
SSRT102254

Source: HP
Type: UNKNOWN
HPSBGN03533

Source: MLIST
Type: UNKNOWN
[oss-security] 20150520 CVE-2015-4000 - TLS does not properly convey server's ciphersuite choice

Source: REDHAT
Type: UNKNOWN
RHSA-2015:1072

Source: REDHAT
Type: UNKNOWN
RHSA-2015:1197

Source: REDHAT
Type: UNKNOWN
RHSA-2015:1526

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT204941

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT204942

Source: CONFIRM
Type: UNKNOWN
http://support.citrix.com/article/CTX201114

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21959111

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21959195

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21959325

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21959453

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21959481

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21959517

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21959530

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21959539

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21959636

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21959812

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21960191

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21961717

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21962455

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21962739

Source: CONFIRM
Type: UNKNOWN
http://www-304.ibm.com/support/docview.wss?uid=swg21958984

Source: CONFIRM
Type: UNKNOWN
http://www-304.ibm.com/support/docview.wss?uid=swg21959132

Source: CONFIRM
Type: UNKNOWN
http://www-304.ibm.com/support/docview.wss?uid=swg21960041

Source: CONFIRM
Type: UNKNOWN
http://www-304.ibm.com/support/docview.wss?uid=swg21960194

Source: CONFIRM
Type: UNKNOWN
http://www-304.ibm.com/support/docview.wss?uid=swg21960380

Source: CONFIRM
Type: UNKNOWN
http://www-304.ibm.com/support/docview.wss?uid=swg21960418

Source: CONFIRM
Type: UNKNOWN
http://www-304.ibm.com/support/docview.wss?uid=swg21962816

Source: CONFIRM
Type: UNKNOWN
http://www-304.ibm.com/support/docview.wss?uid=swg21967893

Source: DEBIAN
Type: UNKNOWN
DSA-3287

Source: DEBIAN
Type: UNKNOWN
DSA-3300

Source: DEBIAN
Type: UNKNOWN
DSA-3316

Source: DEBIAN
Type: UNKNOWN
DSA-3324

Source: DEBIAN
Type: UNKNOWN
DSA-3339

Source: DEBIAN
Type: UNKNOWN
DSA-3688

Source: CONFIRM
Type: UNKNOWN
http://www.fortiguard.com/advisory/2015-05-20-logjam-attack

Source: CONFIRM
Type: UNKNOWN
http://www.mozilla.org/security/announce/2015/mfsa2015-70.html

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

Source: BID
Type: UNKNOWN
74733

Source: BID
Type: UNKNOWN
91787

Source: SECTRACK
Type: UNKNOWN
1032474

Source: SECTRACK
Type: UNKNOWN
1032475

Source: SECTRACK
Type: UNKNOWN
1032476

Source: SECTRACK
Type: UNKNOWN
1032637

Source: SECTRACK
Type: UNKNOWN
1032645

Source: SECTRACK
Type: UNKNOWN
1032647

Source: SECTRACK
Type: UNKNOWN
1032648

Source: SECTRACK
Type: UNKNOWN
1032649

Source: SECTRACK
Type: UNKNOWN
1032650

Source: SECTRACK
Type: UNKNOWN
1032651

Source: SECTRACK
Type: UNKNOWN
1032652

Source: SECTRACK
Type: UNKNOWN
1032653

Source: SECTRACK
Type: UNKNOWN
1032654

Source: SECTRACK
Type: UNKNOWN
1032655

Source: SECTRACK
Type: UNKNOWN
1032656

Source: SECTRACK
Type: UNKNOWN
1032688

Source: SECTRACK
Type: UNKNOWN
1032699

Source: SECTRACK
Type: UNKNOWN
1032702

Source: SECTRACK
Type: UNKNOWN
1032727

Source: SECTRACK
Type: UNKNOWN
1032759

Source: SECTRACK
Type: UNKNOWN
1032777

Source: SECTRACK
Type: UNKNOWN
1032778

Source: SECTRACK
Type: UNKNOWN
1032783

Source: SECTRACK
Type: UNKNOWN
1032784

Source: SECTRACK
Type: UNKNOWN
1032856

Source: SECTRACK
Type: UNKNOWN
1032864

Source: SECTRACK
Type: UNKNOWN
1032865

Source: SECTRACK
Type: UNKNOWN
1032871

Source: SECTRACK
Type: UNKNOWN
1032884

Source: SECTRACK
Type: UNKNOWN
1032910

Source: SECTRACK
Type: UNKNOWN
1032932

Source: SECTRACK
Type: UNKNOWN
1032960

Source: SECTRACK
Type: UNKNOWN
1033019

Source: SECTRACK
Type: UNKNOWN
1033064

Source: SECTRACK
Type: UNKNOWN
1033065

Source: SECTRACK
Type: UNKNOWN
1033067

Source: SECTRACK
Type: UNKNOWN
1033208

Source: SECTRACK
Type: UNKNOWN
1033209

Source: SECTRACK
Type: UNKNOWN
1033210

Source: SECTRACK
Type: UNKNOWN
1033222

Source: SECTRACK
Type: UNKNOWN
1033341

Source: SECTRACK
Type: UNKNOWN
1033385

Source: SECTRACK
Type: UNKNOWN
1033416

Source: SECTRACK
Type: UNKNOWN
1033430

Source: SECTRACK
Type: UNKNOWN
1033433

Source: SECTRACK
Type: UNKNOWN
1033513

Source: SECTRACK
Type: UNKNOWN
1033760

Source: SECTRACK
Type: UNKNOWN
1033891

Source: SECTRACK
Type: UNKNOWN
1033991

Source: SECTRACK
Type: UNKNOWN
1034087

Source: SECTRACK
Type: UNKNOWN
1034728

Source: SECTRACK
Type: UNKNOWN
1034884

Source: SECTRACK
Type: UNKNOWN
1036218

Source: CONFIRM
Type: UNKNOWN
http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm

Source: UBUNTU
Type: UNKNOWN
USN-2656-1

Source: UBUNTU
Type: UNKNOWN
USN-2656-2

Source: UBUNTU
Type: UNKNOWN
USN-2673-1

Source: UBUNTU
Type: UNKNOWN
USN-2696-1

Source: UBUNTU
Type: UNKNOWN
USN-2706-1

Source: MISC
Type: UNKNOWN
https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/

Source: CONFIRM
Type: UNKNOWN
https://bto.bluecoat.com/security-advisory/sa98

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.mozilla.org/show_bug.cgi?id=1138554

Source: CONFIRM
Type: UNKNOWN
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes

Source: XF
Type: UNKNOWN
tls-diffie-hellman-info-disc(103294)

Source: HP
Type: UNKNOWN
SSRT102112

Source: CONFIRM
Type: UNKNOWN
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140

Source: CONFIRM
Type: UNKNOWN
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190

Source: CONFIRM
Type: UNKNOWN
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119

Source: CONFIRM
Type: UNKNOWN
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241

Source: CONFIRM
Type: UNKNOWN
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246

Source: CONFIRM
Type: UNKNOWN
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839

Source: CONFIRM
Type: UNKNOWN
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929

Source: CONFIRM
Type: UNKNOWN
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789

Source: CONFIRM
Type: UNKNOWN
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527

Source: CONFIRM
Type: UNKNOWN
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655

Source: CONFIRM
Type: UNKNOWN
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763

Source: CONFIRM
Type: UNKNOWN
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722

Source: CONFIRM
Type: UNKNOWN
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083

Source: CONFIRM
Type: UNKNOWN
https://kc.mcafee.com/corporate/index?page=content&id=SB10122

Source: CONFIRM
Type: UNKNOWN
https://openssl.org/news/secadv/20150611.txt

Source: GENTOO
Type: UNKNOWN
GLSA-201506-02

Source: GENTOO
Type: UNKNOWN
GLSA-201512-10

Source: GENTOO
Type: UNKNOWN
GLSA-201603-11

Source: GENTOO
Type: UNKNOWN
GLSA-201701-46

Source: CONFIRM
Type: UNKNOWN
https://security.netapp.com/advisory/ntap-20150619-0001/

Source: CONFIRM
Type: UNKNOWN
https://support.citrix.com/article/CTX216642

Source: MISC
Type: UNKNOWN
https://weakdh.org/

Source: MISC
Type: VENDOR_ADVISORY
https://weakdh.org/imperfect-forward-secrecy.pdf

Source: CONFIRM
Type: UNKNOWN
https://www-304.ibm.com/support/docview.wss?uid=swg21959745

Source: CONFIRM
Type: UNKNOWN
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403

Source: CONFIRM
Type: UNKNOWN
https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/

Source: CONFIRM
Type: VENDOR_ADVISORY
https://www.openssl.org/news/secadv_20150611.txt

Source: CONFIRM
Type: UNKNOWN
https://www.suse.com/security/cve/CVE-2015-4000.html

Vulnerable Configuration:Configuration 1:
  • cpe:/a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*
  • AND
  • cpe:/o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/a:ibm:content_manager:8.5::~~~enterprise~~:*:*:*:*:*

  • Configuration 5:
  • cpe:/a:oracle:jrockit:r28.3.6:*:*:*:*:*:*:*

  • Configuration 6:
  • cpe:/o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*

  • Configuration 7:
  • cpe:/a:oracle:jdk:1.6.0:update_95:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update_75:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update_80:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.8.0:update_33:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.8.0:update_45:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.6.0:update_95:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update_75:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update_80:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.8.0:update_33:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.8.0:update_45:*:*:*:*:*:*

  • Configuration 8:
  • cpe:/o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:11.0:sp4:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:12:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*

  • Configuration 9:
  • cpe:/o:apple:iphone_os:8.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*

  • Configuration 10:
  • cpe:/a:mozilla:network_security_services:3.19:*:*:*:*:*:*:*

  • Configuration 11:
  • cpe:/a:oracle:sparc-opl_service_processor:1121:*:*:*:*:*:*:*

  • Configuration 12:
  • cpe:/a:apple:safari:*:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:-:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:*:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:-:*:*:*:*:*:*:*

  • Configuration 13:
  • cpe:/a:mozilla:firefox:39.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox_esr:31.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:2.35:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:31.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:38.1:*:*:*:*:*:*:*
  • OR cpe:/o:mozilla:firefox_os:2.2:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/a:redhat:rhel_extras_oracle_java:7:*:*:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/a:redhat:rhel_extras_oracle_java:6:*:*:*:*:*:*:*

  • Configuration RedHat 6:
  • cpe:/a:redhat:rhel_extras_oracle_java:5:*:*:*:*:*:*:*

  • Configuration RedHat 7:
  • cpe:/a:redhat:rhel_extras:6:*:*:*:*:*:*:*

  • Configuration RedHat 8:
  • cpe:/a:redhat:rhel_extras:7:*:*:*:*:*:*:*

  • Configuration RedHat 9:
  • cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

  • Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20154000
    V
    CVE-2015-4000
    2017-11-24
    oval:org.cisecurity:def:1273
    P
    DSA-3688-1 -- nss -- security update
    2016-11-25
    oval:org.mitre.oval:def:29329
    V
    Vulnerabilities in OpenSSL affect AIX
    2016-04-15
    oval:org.mitre.oval:def:29478
    V
    HP-UX OpenSSL Vulnerability (DHE man-in-the-middle protection (Logjam))
    2016-02-19
    oval:org.cisecurity:def:149
    P
    DSA-3324-1 -- icedove -- security update
    2016-02-08
    oval:org.cisecurity:def:165
    P
    DSA-3300-1 -- iceweasel -- security update
    2016-02-08
    oval:org.cisecurity:def:192
    P
    DSA-3339-1 -- openjdk-6 -- security update
    2016-02-08
    oval:org.cisecurity:def:130
    P
    DSA-3316-1 -- openjdk-7 -- security update
    2016-02-08
    oval:org.cisecurity:def:217
    P
    DSA-3287-1 -- openssl -- security update
    2016-02-08
    oval:org.mitre.oval:def:28265
    P
    SUSE-SU-2015:1143-1 -- Security update for openssl (important)
    2015-08-17
    oval:org.mitre.oval:def:29252
    P
    SUSE-SU-2015:1150-1 -- Security update for compat-openssl098 (important)
    2015-08-17
    oval:com.redhat.rhsa:def:20151544
    P
    RHSA-2015:1544: java-1.5.0-ibm security update (Important)
    2015-08-04
    oval:com.redhat.rhsa:def:20151526
    P
    RHSA-2015:1526: java-1.6.0-openjdk security update (Important)
    2015-07-30
    oval:com.redhat.rhsa:def:20151488
    P
    RHSA-2015:1488: java-1.7.0-ibm security update (Critical)
    2015-07-23
    oval:com.redhat.rhsa:def:20151485
    P
    RHSA-2015:1485: java-1.7.1-ibm security update (Critical)
    2015-07-22
    oval:com.redhat.rhsa:def:20151486
    P
    RHSA-2015:1486: java-1.6.0-ibm security update (Critical)
    2015-07-22
    oval:com.redhat.rhsa:def:20151242
    P
    RHSA-2015:1242: java-1.7.0-oracle security update (Critical)
    2015-07-17
    oval:com.redhat.rhsa:def:20151243
    P
    RHSA-2015:1243: java-1.6.0-sun security update (Important)
    2015-07-17
    oval:com.redhat.rhsa:def:20151241
    P
    RHSA-2015:1241: java-1.8.0-oracle security update (Critical)
    2015-07-17
    oval:com.redhat.rhsa:def:20151229
    P
    RHSA-2015:1229: java-1.7.0-openjdk security update (Critical)
    2015-07-15
    oval:com.redhat.rhsa:def:20151230
    P
    RHSA-2015:1230: java-1.7.0-openjdk security update (Important)
    2015-07-15
    oval:com.redhat.rhsa:def:20151228
    P
    RHSA-2015:1228: java-1.8.0-openjdk security update (Important)
    2015-07-15
    oval:com.redhat.rhsa:def:20151197
    P
    RHSA-2015:1197: openssl security update (Moderate)
    2015-06-30
    oval:com.redhat.rhsa:def:20151185
    P
    RHSA-2015:1185: nss security update (Moderate)
    2015-06-25
    oval:com.redhat.rhsa:def:20151072
    P
    RHSA-2015:1072: openssl security update (Moderate)
    2015-06-04
    oval:com.ubuntu.trusty:def:20154000000
    V
    CVE-2015-4000 on Ubuntu 14.04 LTS (trusty) - medium.
    2015-05-20
    oval:com.ubuntu.xenial:def:20154000000
    V
    CVE-2015-4000 on Ubuntu 16.04 LTS (xenial) - medium.
    2015-05-20
    oval:com.ubuntu.precise:def:20154000000
    V
    CVE-2015-4000 on Ubuntu 12.04 LTS (precise) - medium.
    2015-05-20
    BACK
    openssl openssl 1.0.1m
    openssl openssl 1.0.2a
    canonical ubuntu_linux 12.04
    canonical ubuntu_linux 14.04
    canonical ubuntu_linux 14.10
    canonical ubuntu_linux 15.04
    openssl openssl 1.0.1m
    hp hp-ux b.11.31
    ibm content_manager 8.5
    oracle jrockit r28.3.6
    debian debian_linux 7.0
    debian debian_linux 8.0
    oracle jdk 1.6.0 update_95
    oracle jdk 1.7.0 update_75
    oracle jdk 1.7.0 update_80
    oracle jdk 1.8.0 update_33
    oracle jdk 1.8.0 update_45
    oracle jre 1.6.0 update_95
    oracle jre 1.7.0 update_75
    oracle jre 1.7.0 update_80
    oracle jre 1.8.0 update_33
    oracle jre 1.8.0 update_45
    suse linux_enterprise_desktop 12
    suse linux_enterprise_server 11.0 sp4
    suse linux_enterprise_server 12
    suse linux_enterprise_software_development_kit 12
    apple iphone_os 8.3
    apple mac_os_x 10.10.3
    mozilla network_security_services 3.19
    oracle sparc-opl_service_processor 1121
    apple safari *
    google chrome -
    microsoft ie *
    mozilla firefox *
    opera opera_browser -
    mozilla firefox 39.0
    mozilla firefox_esr 31.8
    mozilla firefox_esr 38.1.0
    mozilla seamonkey 2.35
    mozilla thunderbird 31.8
    mozilla thunderbird 38.1
    mozilla firefox_os 2.2
    redhat enterprise_linux 6
    redhat enterprise_linux 7
    redhat enterprise_linux 5
    redhat rhel_extras_oracle_java 7
    redhat rhel_extras_oracle_java 6
    redhat rhel_extras_oracle_java 5
    redhat rhel_extras 6
    redhat rhel_extras 7
    redhat rhel_extras 5