Vulnerabilites related to oracle - sparc-opl_service_processor
cve-2015-3238
Vulnerability from cvelistv5
Published
2015-08-24 14:00
Modified
2024-08-06 05:39
Severity ?
EPSS score ?
Summary
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T05:39:32.046Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FEDORA-2015-10830", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161249.html", }, { name: "RHSA-2015:1640", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1640.html", }, { name: "[oss-security] 20150625 Linux-PAM 1.2.1 released to address CVE-2015-3238", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/06/25/13", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1228571", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-011/?fid=6551", }, { name: "GLSA-201605-05", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201605-05", }, { name: "USN-2935-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2935-2", }, { name: "USN-2935-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2935-3", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { name: "USN-2935-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2935-1", }, { name: "FEDORA-2015-10848", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161350.html", }, { name: "75428", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/75428", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-against-OpenSSH-SELinux-with-CVE-2015-3238/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-06-25T00:00:00", descriptions: [ { lang: "en", value: "The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-01T15:57:02", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "FEDORA-2015-10830", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161249.html", }, { name: "RHSA-2015:1640", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1640.html", }, { name: "[oss-security] 20150625 Linux-PAM 1.2.1 released to address CVE-2015-3238", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/06/25/13", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1228571", }, { tags: [ "x_refsource_MISC", ], url: "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-011/?fid=6551", }, { name: "GLSA-201605-05", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201605-05", }, { name: "USN-2935-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2935-2", }, { name: "USN-2935-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2935-3", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { name: "USN-2935-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2935-1", }, { name: "FEDORA-2015-10848", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161350.html", }, { name: "75428", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/75428", }, { tags: [ "x_refsource_MISC", ], url: "https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-against-OpenSSH-SELinux-with-CVE-2015-3238/", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-3238", datePublished: "2015-08-24T14:00:00", dateReserved: "2015-04-10T00:00:00", dateUpdated: "2024-08-06T05:39:32.046Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-4000
Vulnerability from cvelistv5
Published
2015-05-21 00:00
Modified
2024-08-06 06:04
Severity ?
EPSS score ?
Summary
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:04:02.725Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SU-2015:1184", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html", }, { name: "SUSE-SU-2015:1177", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html", }, { name: "SSRT102180", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=143880121627664&w=2", }, { name: "RHSA-2015:1243", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1243.html", }, { name: "openSUSE-SU-2015:1229", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html", }, { name: "1033208", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1033208", }, { name: "1032637", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032637", }, { name: "HPSBGN03404", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=144050121701297&w=2", }, { name: "DSA-3688", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3688", }, { name: "DSA-3287", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3287", }, { name: "HPSBUX03512", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=144493176821532&w=2", }, { name: "1032865", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032865", }, { name: "HPSBGN03351", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=143557934009303&w=2", }, { name: "SUSE-SU-2015:1268", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html", }, { name: "SUSE-SU-2015:1150", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html", }, { name: "1034728", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1034728", }, { name: "SUSE-SU-2015:1183", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html", }, { name: "1032656", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032656", }, { name: "RHSA-2016:2056", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2056.html", }, { name: "[oss-security] 20150520 CVE-2015-4000 - TLS does not properly convey server's ciphersuite choice", tags: [ "mailing-list", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2015/05/20/8", }, { name: "openSUSE-SU-2015:1684", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html", }, { name: "HPSBGN03361", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=143628304012255&w=2", }, { name: "HPSBGN03399", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=144060576831314&w=2", }, { name: "1032475", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032475", }, { name: "1032960", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032960", }, { name: "openSUSE-SU-2016:0255", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html", }, { name: "1032653", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032653", }, { name: "SUSE-SU-2016:0224", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html", }, { name: "1033385", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1033385", }, { name: "GLSA-201512-10", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/201512-10", }, { name: "RHSA-2015:1229", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1229.html", }, { name: "openSUSE-SU-2016:0483", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html", }, { name: "1032864", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032864", }, { name: "1032910", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032910", }, { name: "1032645", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032645", }, { name: "USN-2706-1", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2706-1", }, { name: "GLSA-201701-46", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/201701-46", }, { name: "RHSA-2015:1526", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1526.html", }, { name: "1033760", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1033760", }, { name: "RHSA-2015:1485", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1485.html", }, { name: "RHSA-2015:1197", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1197.html", }, { name: "HPSBMU03401", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=144104533800819&w=2", }, { name: "1032699", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032699", }, { name: "1032476", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032476", }, { name: "1032649", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032649", }, { name: "HPSBMU03345", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=144043644216842&w=2", }, { name: "HPSBUX03363", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=143637549705650&w=2", }, { name: "RHSA-2015:1544", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1544.html", }, { name: "FEDORA-2015-9130", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html", }, { name: "SUSE-SU-2015:1182", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html", }, { name: "SSRT102112", tags: [ "vendor-advisory", "x_transferred", ], url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196", }, { name: "1032688", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032688", }, { name: "SUSE-SU-2015:1143", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html", }, { name: "1032652", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032652", }, { name: "FEDORA-2015-9048", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html", }, { name: "RHSA-2015:1185", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1185.html", }, { name: "HPSBGN03362", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=143558092609708&w=2", }, { name: "APPLE-SA-2015-06-30-2", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html", }, { name: "openSUSE-SU-2015:1289", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", }, { name: "FEDORA-2015-9161", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html", }, { name: "HPSBGN03402", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=144069189622016&w=2", }, { name: "1032648", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032648", }, { name: "1032759", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032759", }, { name: "RHSA-2015:1228", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1228.html", }, { name: "HPSBGN03405", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=144060606031437&w=2", }, { name: "DSA-3316", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3316", }, { name: "1033209", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1033209", }, { name: "1032871", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032871", }, { name: "DSA-3324", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3324", }, { name: "1032655", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032655", }, { name: "1033210", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1033210", }, { name: "HPSBGN03411", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=144061542602287&w=2", }, { name: "openSUSE-SU-2015:1277", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html", }, { name: "HPSBGN03533", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=145409266329539&w=2", }, { name: "USN-2673-1", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2673-1", }, { name: "1034884", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1034884", }, { name: "HPSBMU03356", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=143506486712441&w=2", }, { name: "GLSA-201603-11", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/201603-11", }, { name: "1033064", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1033064", }, { name: "SUSE-SU-2015:1181", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html", }, { name: "1032778", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032778", }, { name: "1032474", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032474", }, { name: "SSRT102254", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=144493176821532&w=2", }, { name: "HPSBGN03407", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=144102017024820&w=2", }, { name: "openSUSE-SU-2015:1209", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html", }, { name: "1032784", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032784", }, { name: "1032777", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032777", }, { name: "1033416", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1033416", }, { name: "1033991", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1033991", }, { name: "1032647", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032647", }, { name: "1032654", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032654", }, { name: "1033341", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1033341", }, { name: "RHSA-2015:1486", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1486.html", }, { name: "SUSE-SU-2015:1663", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html", }, { name: "1033433", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1033433", }, { name: "USN-2696-1", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2696-1", }, { name: "APPLE-SA-2015-06-30-1", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html", }, { name: "1032702", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032702", }, { name: "DSA-3339", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3339", }, { name: "1032727", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032727", }, { name: "RHSA-2015:1242", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1242.html", }, { name: "SUSE-SU-2015:1269", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html", }, { name: "GLSA-201506-02", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/201506-02", }, { name: "91787", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/91787", }, { name: "RHSA-2016:1624", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1624.html", }, { name: "openSUSE-SU-2015:1266", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html", }, { name: "RHSA-2015:1488", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1488.html", }, { name: "SUSE-SU-2015:1319", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", }, { name: "SUSE-SU-2015:1320", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", }, { name: "1033430", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1033430", }, { name: "openSUSE-SU-2015:1288", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", }, { name: "RHSA-2015:1241", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1241.html", }, { name: "openSUSE-SU-2016:0478", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html", }, { name: "SUSE-SU-2015:1581", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html", }, { name: "HPSBUX03388", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=143880121627664&w=2", }, { name: "RHSA-2015:1230", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1230.html", }, { name: "74733", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/74733", }, { name: "openSUSE-SU-2016:0261", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html", }, { name: "1032651", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032651", }, { name: "1033065", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1033065", }, { name: "USN-2656-1", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2656-1", }, { name: "SUSE-SU-2015:1185", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html", }, { name: "1033222", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1033222", }, { name: "1036218", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1036218", }, { name: "SUSE-SU-2015:1449", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html", }, { name: "HPSBGN03373", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=143655800220052&w=2", }, { name: "1040630", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1040630", }, { name: "openSUSE-SU-2015:1139", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html", }, { name: "1034087", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1034087", }, { name: "1033513", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1033513", }, { name: "1032884", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032884", }, { name: "RHSA-2015:1604", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1604.html", }, { name: "SUSE-SU-2016:0262", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html", }, { name: "1032932", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032932", }, { name: "1033891", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1033891", }, { name: "openSUSE-SU-2016:0226", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html", }, { name: "1032783", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032783", }, { name: "1032856", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032856", }, { name: "NetBSD-SA2015-008", tags: [ "vendor-advisory", "x_transferred", ], url: "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc", }, { name: "DSA-3300", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3300", }, { name: "USN-2656-2", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2656-2", }, { name: "1033067", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1033067", }, { name: "1033019", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1033019", }, { name: "RHSA-2015:1072", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1072.html", }, { name: "1032650", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032650", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681", }, { tags: [ "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21962739", }, { tags: [ "x_transferred", ], url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403", }, { tags: [ "x_transferred", ], url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", }, { tags: [ "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10122", }, { tags: [ "x_transferred", ], url: "http://support.apple.com/kb/HT204941", }, { tags: [ "x_transferred", ], url: "http://www-304.ibm.com/support/docview.wss?uid=swg21962816", }, { tags: [ "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959812", }, { tags: [ "x_transferred", ], url: "https://www-304.ibm.com/support/docview.wss?uid=swg21959745", }, { tags: [ "x_transferred", ], url: "https://weakdh.org/imperfect-forward-secrecy.pdf", }, { tags: [ "x_transferred", ], url: "http://www-304.ibm.com/support/docview.wss?uid=swg21959132", }, { tags: [ "x_transferred", ], url: "https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/", }, { tags: [ "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959539", }, { tags: [ "x_transferred", ], url: "https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/", }, { tags: [ "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959325", }, { tags: [ "x_transferred", ], url: "https://openssl.org/news/secadv/20150611.txt", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", }, { tags: [ "x_transferred", ], url: "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778", }, { tags: [ "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us", }, { tags: [ "x_transferred", ], url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", }, { tags: [ "x_transferred", ], url: "http://www-304.ibm.com/support/docview.wss?uid=swg21967893", }, { tags: [ "x_transferred", ], url: "http://www-304.ibm.com/support/docview.wss?uid=swg21958984", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", }, { tags: [ "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959517", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { tags: [ "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959195", }, { tags: [ "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21961717", }, { tags: [ "x_transferred", ], url: "http://www-304.ibm.com/support/docview.wss?uid=swg21960041", }, { tags: [ "x_transferred", ], url: "http://www-304.ibm.com/support/docview.wss?uid=swg21960194", }, { tags: [ "x_transferred", ], url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes", }, { tags: [ "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959453", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20150619-0001/", }, { tags: [ "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959111", }, { tags: [ "x_transferred", ], url: "http://www-304.ibm.com/support/docview.wss?uid=swg21960418", }, { tags: [ "x_transferred", ], url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", }, { tags: [ "x_transferred", ], url: "https://www.suse.com/security/cve/CVE-2015-4000.html", }, { tags: [ "x_transferred", ], url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722", }, { tags: [ "x_transferred", ], url: "http://support.citrix.com/article/CTX201114", }, { tags: [ "x_transferred", ], url: "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery", }, { tags: [ "x_transferred", ], url: "http://www-304.ibm.com/support/docview.wss?uid=swg21960380", }, { tags: [ "x_transferred", ], url: "http://support.apple.com/kb/HT204942", }, { tags: [ "x_transferred", ], url: "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083", }, { tags: [ "x_transferred", ], url: "http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc", }, { tags: [ "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727", }, { tags: [ "x_transferred", ], url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", }, { tags: [ "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959530", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { tags: [ "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21960191", }, { tags: [ "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959636", }, { tags: [ "x_transferred", ], url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { tags: [ "x_transferred", ], url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", }, { tags: [ "x_transferred", ], url: "https://puppet.com/security/cve/CVE-2015-4000", }, { tags: [ "x_transferred", ], url: "http://www.mozilla.org/security/announce/2015/mfsa2015-70.html", }, { tags: [ "x_transferred", ], url: "http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm", }, { tags: [ "x_transferred", ], url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", }, { tags: [ "x_transferred", ], url: "https://support.citrix.com/article/CTX216642", }, { tags: [ "x_transferred", ], url: "https://weakdh.org/", }, { tags: [ "x_transferred", ], url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", }, { tags: [ "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959481", }, { tags: [ "x_transferred", ], url: "https://bto.bluecoat.com/security-advisory/sa98", }, { tags: [ "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1138554", }, { tags: [ "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21962455", }, { tags: [ "x_transferred", ], url: "https://www.openssl.org/news/secadv_20150611.txt", }, { tags: [ "x_transferred", ], url: "http://www.fortiguard.com/advisory/2015-05-20-logjam-attack", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-05-19T00:00:00", descriptions: [ { lang: "en", value: "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "SUSE-SU-2015:1184", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html", }, { name: "SUSE-SU-2015:1177", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html", }, { name: "SSRT102180", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=143880121627664&w=2", }, { name: "RHSA-2015:1243", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1243.html", }, { name: "openSUSE-SU-2015:1229", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html", }, { name: "1033208", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1033208", }, { name: "1032637", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032637", }, { name: "HPSBGN03404", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=144050121701297&w=2", }, { name: "DSA-3688", tags: [ "vendor-advisory", ], url: "http://www.debian.org/security/2016/dsa-3688", }, { name: "DSA-3287", tags: [ "vendor-advisory", ], url: "http://www.debian.org/security/2015/dsa-3287", }, { name: "HPSBUX03512", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=144493176821532&w=2", }, { name: "1032865", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032865", }, { name: "HPSBGN03351", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=143557934009303&w=2", }, { name: "SUSE-SU-2015:1268", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html", }, { name: "SUSE-SU-2015:1150", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html", }, { name: "1034728", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1034728", }, { name: "SUSE-SU-2015:1183", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html", }, { name: "1032656", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032656", }, { name: "RHSA-2016:2056", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2056.html", }, { name: "[oss-security] 20150520 CVE-2015-4000 - TLS does not properly convey server's ciphersuite choice", tags: [ "mailing-list", ], url: "http://openwall.com/lists/oss-security/2015/05/20/8", }, { name: "openSUSE-SU-2015:1684", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html", }, { name: "HPSBGN03361", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=143628304012255&w=2", }, { name: "HPSBGN03399", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=144060576831314&w=2", }, { name: "1032475", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032475", }, { name: "1032960", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032960", }, { name: "openSUSE-SU-2016:0255", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html", }, { name: "1032653", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032653", }, { name: "SUSE-SU-2016:0224", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html", }, { name: "1033385", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1033385", }, { name: "GLSA-201512-10", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/201512-10", }, { name: "RHSA-2015:1229", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1229.html", }, { name: "openSUSE-SU-2016:0483", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html", }, { name: "1032864", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032864", }, { name: "1032910", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032910", }, { name: "1032645", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032645", }, { name: "USN-2706-1", tags: [ "vendor-advisory", ], url: "http://www.ubuntu.com/usn/USN-2706-1", }, { name: "GLSA-201701-46", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/201701-46", }, { name: "RHSA-2015:1526", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1526.html", }, { name: "1033760", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1033760", }, { name: "RHSA-2015:1485", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1485.html", }, { name: "RHSA-2015:1197", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1197.html", }, { name: "HPSBMU03401", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=144104533800819&w=2", }, { name: "1032699", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032699", }, { name: "1032476", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032476", }, { name: "1032649", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032649", }, { name: "HPSBMU03345", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=144043644216842&w=2", }, { name: "HPSBUX03363", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=143637549705650&w=2", }, { name: "RHSA-2015:1544", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1544.html", }, { name: "FEDORA-2015-9130", tags: [ "vendor-advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html", }, { name: "SUSE-SU-2015:1182", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html", }, { name: "SSRT102112", tags: [ "vendor-advisory", ], url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196", }, { name: "1032688", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032688", }, { name: "SUSE-SU-2015:1143", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html", }, { name: "1032652", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032652", }, { name: "FEDORA-2015-9048", tags: [ "vendor-advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html", }, { name: "RHSA-2015:1185", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1185.html", }, { name: "HPSBGN03362", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=143558092609708&w=2", }, { name: "APPLE-SA-2015-06-30-2", tags: [ "vendor-advisory", ], url: "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html", }, { name: "openSUSE-SU-2015:1289", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", }, { name: "FEDORA-2015-9161", tags: [ "vendor-advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html", }, { name: "HPSBGN03402", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=144069189622016&w=2", }, { name: "1032648", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032648", }, { name: "1032759", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032759", }, { name: "RHSA-2015:1228", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1228.html", }, { name: "HPSBGN03405", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=144060606031437&w=2", }, { name: "DSA-3316", tags: [ "vendor-advisory", ], url: "http://www.debian.org/security/2015/dsa-3316", }, { name: "1033209", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1033209", }, { name: "1032871", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032871", }, { name: "DSA-3324", tags: [ "vendor-advisory", ], url: "http://www.debian.org/security/2015/dsa-3324", }, { name: "1032655", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032655", }, { name: "1033210", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1033210", }, { name: "HPSBGN03411", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=144061542602287&w=2", }, { name: "openSUSE-SU-2015:1277", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html", }, { name: "HPSBGN03533", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=145409266329539&w=2", }, { name: "USN-2673-1", tags: [ "vendor-advisory", ], url: "http://www.ubuntu.com/usn/USN-2673-1", }, { name: "1034884", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1034884", }, { name: "HPSBMU03356", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=143506486712441&w=2", }, { name: "GLSA-201603-11", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/201603-11", }, { name: "1033064", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1033064", }, { name: "SUSE-SU-2015:1181", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html", }, { name: "1032778", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032778", }, { name: "1032474", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032474", }, { name: "SSRT102254", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=144493176821532&w=2", }, { name: "HPSBGN03407", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=144102017024820&w=2", }, { name: "openSUSE-SU-2015:1209", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html", }, { name: "1032784", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032784", }, { name: "1032777", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032777", }, { name: "1033416", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1033416", }, { name: "1033991", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1033991", }, { name: "1032647", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032647", }, { name: "1032654", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032654", }, { name: "1033341", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1033341", }, { name: "RHSA-2015:1486", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1486.html", }, { name: "SUSE-SU-2015:1663", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html", }, { name: "1033433", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1033433", }, { name: "USN-2696-1", tags: [ "vendor-advisory", ], url: "http://www.ubuntu.com/usn/USN-2696-1", }, { name: "APPLE-SA-2015-06-30-1", tags: [ "vendor-advisory", ], url: "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html", }, { name: "1032702", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032702", }, { name: "DSA-3339", tags: [ "vendor-advisory", ], url: "http://www.debian.org/security/2015/dsa-3339", }, { name: "1032727", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032727", }, { name: "RHSA-2015:1242", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1242.html", }, { name: "SUSE-SU-2015:1269", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html", }, { name: "GLSA-201506-02", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/201506-02", }, { name: "91787", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/91787", }, { name: "RHSA-2016:1624", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1624.html", }, { name: "openSUSE-SU-2015:1266", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html", }, { name: "RHSA-2015:1488", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1488.html", }, { name: "SUSE-SU-2015:1319", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", }, { name: "SUSE-SU-2015:1320", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", }, { name: "1033430", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1033430", }, { name: "openSUSE-SU-2015:1288", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", }, { name: "RHSA-2015:1241", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1241.html", }, { name: "openSUSE-SU-2016:0478", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html", }, { name: "SUSE-SU-2015:1581", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html", }, { name: "HPSBUX03388", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=143880121627664&w=2", }, { name: "RHSA-2015:1230", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1230.html", }, { name: "74733", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/74733", }, { name: "openSUSE-SU-2016:0261", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html", }, { name: "1032651", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032651", }, { name: "1033065", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1033065", }, { name: "USN-2656-1", tags: [ "vendor-advisory", ], url: "http://www.ubuntu.com/usn/USN-2656-1", }, { name: "SUSE-SU-2015:1185", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html", }, { name: "1033222", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1033222", }, { name: "1036218", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1036218", }, { name: "SUSE-SU-2015:1449", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html", }, { name: "HPSBGN03373", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=143655800220052&w=2", }, { name: "1040630", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1040630", }, { name: "openSUSE-SU-2015:1139", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html", }, { name: "1034087", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1034087", }, { name: "1033513", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1033513", }, { name: "1032884", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032884", }, { name: "RHSA-2015:1604", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1604.html", }, { name: "SUSE-SU-2016:0262", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html", }, { name: "1032932", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032932", }, { name: "1033891", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1033891", }, { name: "openSUSE-SU-2016:0226", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html", }, { name: "1032783", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032783", }, { name: "1032856", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032856", }, { name: "NetBSD-SA2015-008", tags: [ "vendor-advisory", ], url: "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc", }, { name: "DSA-3300", tags: [ "vendor-advisory", ], url: "http://www.debian.org/security/2015/dsa-3300", }, { name: "USN-2656-2", tags: [ "vendor-advisory", ], url: "http://www.ubuntu.com/usn/USN-2656-2", }, { name: "1033067", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1033067", }, { name: "1033019", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1033019", }, { name: "RHSA-2015:1072", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1072.html", }, { name: "1032650", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032650", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681", }, { url: "http://www-01.ibm.com/support/docview.wss?uid=swg21962739", }, { url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403", }, { url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929", }, { url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", }, { url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10122", }, { url: "http://support.apple.com/kb/HT204941", }, { url: "http://www-304.ibm.com/support/docview.wss?uid=swg21962816", }, { url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959812", }, { url: "https://www-304.ibm.com/support/docview.wss?uid=swg21959745", }, { url: "https://weakdh.org/imperfect-forward-secrecy.pdf", }, { url: "http://www-304.ibm.com/support/docview.wss?uid=swg21959132", }, { url: "https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/", }, { url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959539", }, { url: "https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/", }, { url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959325", }, { url: "https://openssl.org/news/secadv/20150611.txt", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527", }, { url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", }, { url: "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778", }, { url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us", }, { url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", }, { url: "http://www-304.ibm.com/support/docview.wss?uid=swg21967893", }, { url: "http://www-304.ibm.com/support/docview.wss?uid=swg21958984", }, { url: "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", }, { url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959517", }, { url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959195", }, { url: "http://www-01.ibm.com/support/docview.wss?uid=swg21961717", }, { url: "http://www-304.ibm.com/support/docview.wss?uid=swg21960041", }, { url: "http://www-304.ibm.com/support/docview.wss?uid=swg21960194", }, { url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes", }, { url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959453", }, { url: "https://security.netapp.com/advisory/ntap-20150619-0001/", }, { url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959111", }, { url: "http://www-304.ibm.com/support/docview.wss?uid=swg21960418", }, { url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", }, { url: "https://www.suse.com/security/cve/CVE-2015-4000.html", }, { url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722", }, { url: "http://support.citrix.com/article/CTX201114", }, { url: "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery", }, { url: "http://www-304.ibm.com/support/docview.wss?uid=swg21960380", }, { url: "http://support.apple.com/kb/HT204942", }, { url: "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083", }, { url: "http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc", }, { url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727", }, { url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", }, { url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959530", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { url: "http://www-01.ibm.com/support/docview.wss?uid=swg21960191", }, { url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959636", }, { url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839", }, { url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", }, { url: "https://puppet.com/security/cve/CVE-2015-4000", }, { url: "http://www.mozilla.org/security/announce/2015/mfsa2015-70.html", }, { url: "http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm", }, { url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", }, { url: "https://support.citrix.com/article/CTX216642", }, { url: "https://weakdh.org/", }, { url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", }, { url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959481", }, { url: "https://bto.bluecoat.com/security-advisory/sa98", }, { url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1138554", }, { url: "http://www-01.ibm.com/support/docview.wss?uid=swg21962455", }, { url: "https://www.openssl.org/news/secadv_20150611.txt", }, { url: "http://www.fortiguard.com/advisory/2015-05-20-logjam-attack", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-4000", datePublished: "2015-05-21T00:00:00", dateReserved: "2015-05-15T00:00:00", dateUpdated: "2024-08-06T06:04:02.725Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-1789
Vulnerability from cvelistv5
Published
2015-06-12 00:00
Modified
2024-08-06 04:54
Severity ?
EPSS score ?
Summary
The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:54:16.129Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SU-2015:1184", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html", }, { name: "SSRT102180", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=143880121627664&w=2", }, { name: "DSA-3287", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3287", }, { name: "SUSE-SU-2015:1150", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html", }, { tags: [ "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10122", }, { name: "SUSE-SU-2015:1183", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html", }, { tags: [ "x_transferred", ], url: "https://github.com/openssl/openssl/commit/f48b83b4fb7d6689584cf25f61ca63a4891f5b11", }, { tags: [ "x_transferred", ], url: "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667", }, { name: "HPSBMU03409", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=144050155601375&w=2", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965", }, { tags: [ "x_transferred", ], url: "https://openssl.org/news/secadv/20150611.txt", }, { name: "RHSA-2015:1115", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1115.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { name: "RHSA-2015:1197", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1197.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", }, { name: "SUSE-SU-2015:1182", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", }, { name: "SUSE-SU-2015:1143", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { name: "openSUSE-SU-2016:0640", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { name: "1032564", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1032564", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", }, { tags: [ "x_transferred", ], url: "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015", }, { name: "FEDORA-2015-10108", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { name: "20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products", tags: [ "vendor-advisory", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl", }, { name: "openSUSE-SU-2015:1277", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html", }, { name: "SUSE-SU-2015:1181", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html", }, { name: "APPLE-SA-2015-08-13-2", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", }, { name: "USN-2639-1", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2639-1", }, { tags: [ "x_transferred", ], url: "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015", }, { name: "GLSA-201506-02", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/201506-02", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { name: "91787", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/91787", }, { name: "HPSBUX03388", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=143880121627664&w=2", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", }, { name: "FEDORA-2015-10047", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html", }, { name: "75156", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/75156", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT205031", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { tags: [ "x_transferred", ], url: "https://support.citrix.com/article/CTX216642", }, { name: "SUSE-SU-2015:1185", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html", }, { tags: [ "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694", }, { name: "openSUSE-SU-2015:1139", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html", }, { tags: [ "x_transferred", ], url: "https://bto.bluecoat.com/security-advisory/sa98", }, { tags: [ "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733", }, { name: "NetBSD-SA2015-008", tags: [ "vendor-advisory", "x_transferred", ], url: "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc", }, { tags: [ "x_transferred", ], url: "https://www.openssl.org/news/secadv_20150611.txt", }, { name: "HPSBGN03371", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=143654156615516&w=2", }, { tags: [ "x_transferred", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-06-11T00:00:00", descriptions: [ { lang: "en", value: "The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "SUSE-SU-2015:1184", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html", }, { name: "SSRT102180", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=143880121627664&w=2", }, { name: "DSA-3287", tags: [ "vendor-advisory", ], url: "http://www.debian.org/security/2015/dsa-3287", }, { name: "SUSE-SU-2015:1150", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html", }, { url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10122", }, { name: "SUSE-SU-2015:1183", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html", }, { url: "https://github.com/openssl/openssl/commit/f48b83b4fb7d6689584cf25f61ca63a4891f5b11", }, { url: "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667", }, { name: "HPSBMU03409", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=144050155601375&w=2", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965", }, { url: "https://openssl.org/news/secadv/20150611.txt", }, { name: "RHSA-2015:1115", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1115.html", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { name: "RHSA-2015:1197", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1197.html", }, { url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", }, { url: "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", }, { name: "SUSE-SU-2015:1182", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", }, { name: "SUSE-SU-2015:1143", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351", }, { url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { name: "openSUSE-SU-2016:0640", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { name: "1032564", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1032564", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", }, { url: "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015", }, { name: "FEDORA-2015-10108", tags: [ "vendor-advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { name: "20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products", tags: [ "vendor-advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl", }, { name: "openSUSE-SU-2015:1277", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html", }, { name: "SUSE-SU-2015:1181", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html", }, { name: "APPLE-SA-2015-08-13-2", tags: [ "vendor-advisory", ], url: "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", }, { name: "USN-2639-1", tags: [ "vendor-advisory", ], url: "http://www.ubuntu.com/usn/USN-2639-1", }, { url: "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015", }, { name: "GLSA-201506-02", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/201506-02", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { name: "91787", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/91787", }, { name: "HPSBUX03388", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=143880121627664&w=2", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", }, { name: "FEDORA-2015-10047", tags: [ "vendor-advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html", }, { name: "75156", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/75156", }, { url: "https://support.apple.com/kb/HT205031", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { url: "https://support.citrix.com/article/CTX216642", }, { name: "SUSE-SU-2015:1185", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html", }, { url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694", }, { name: "openSUSE-SU-2015:1139", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html", }, { url: "https://bto.bluecoat.com/security-advisory/sa98", }, { url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733", }, { name: "NetBSD-SA2015-008", tags: [ "vendor-advisory", ], url: "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc", }, { url: "https://www.openssl.org/news/secadv_20150611.txt", }, { name: "HPSBGN03371", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=143654156615516&w=2", }, { url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-1789", datePublished: "2015-06-12T00:00:00", dateReserved: "2015-02-17T00:00:00", dateUpdated: "2024-08-06T04:54:16.129Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2015-05-21 00:59
Modified
2025-04-12 10:46
Severity ?
Summary
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", matchCriteriaId: "51F16DD0-B15A-4B29-B68A-D6ABA0BF9623", versionEndIncluding: "1.0.1m", versionStartIncluding: "1.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", matchCriteriaId: "86B99FE0-EFEF-4C34-9790-A14504D701C5", versionEndIncluding: "1.0.2a", versionStartIncluding: "1.0.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", matchCriteriaId: "49A63F39-30BE-443F-AF10-6245587D3359", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", matchCriteriaId: "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", matchCriteriaId: "C4D0AB50-9195-4B1B-BB76-00F0A34C9389", versionEndIncluding: "1.0.1m", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*", matchCriteriaId: "B64BBA96-FB3C-46AC-9A29-50EE02714FE9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:content_manager:8.5:*:*:*:*:enterprise:*:*", matchCriteriaId: "EB672C2E-8ABF-40CD-97DA-28D939DE4C63", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jrockit:r28.3.6:*:*:*:*:*:*:*", matchCriteriaId: "228C7B8D-18EE-444A-8067-6C222844FB8C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update95:*:*:*:*:*:*", matchCriteriaId: "2755C397-75DF-4110-8C8A-05EFDFFF9BC1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update75:*:*:*:*:*:*", matchCriteriaId: "D084DBE9-BF2F-4A9B-8FDE-A9A608E6B40F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update80:*:*:*:*:*:*", matchCriteriaId: "18FB6138-2B3D-4C4B-8647-3D1646165641", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update_33:*:*:*:*:*:*", matchCriteriaId: "49B3533A-57B1-4EDA-9434-D75AE837F2C7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update45:*:*:*:*:*:*", matchCriteriaId: "914D54AC-EAAE-4A01-BA88-7F245BDA47C5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update_95:*:*:*:*:*:*", matchCriteriaId: "33DD9C2A-9C6E-407B-8110-2EC7906DE036", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update_75:*:*:*:*:*:*", matchCriteriaId: "88FA3ACA-B2FC-4D9C-B67E-35272514FB84", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update_80:*:*:*:*:*:*", matchCriteriaId: "17B87292-EDBB-4D5A-8874-7405F040FAA6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update_33:*:*:*:*:*:*", matchCriteriaId: "366E2702-633C-4D4C-ACF8-4CBEC66719F1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update_45:*:*:*:*:*:*", matchCriteriaId: "8CFE55B4-9A07-4E88-98AC-8345243AEF79", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*", matchCriteriaId: "F1EB0F28-F23A-4969-8A3E-66DA2EFA40C3", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", matchCriteriaId: "D5BAC17C-EF31-4E94-9020-47B781AD94B3", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*", matchCriteriaId: "DB2A1559-651C-46B0-B436-8E03DC8A60D2", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*", matchCriteriaId: "9C649194-B8C2-49F7-A819-C635EE584ABF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "EB31BE7C-CB6D-447E-AFF8-618998950FC5", versionEndIncluding: "8.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "68566BD8-D5DD-4747-9C9A-59154400EBFA", versionEndIncluding: "10.10.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:network_security_services:3.19:*:*:*:*:*:*:*", matchCriteriaId: "C6809678-475F-4703-BC9E-31EC8CAD3A24", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:sparc-opl_service_processor:*:*:*:*:*:*:*:*", matchCriteriaId: "6AF02A45-1811-44F2-B3C9-90C11F5DF6DF", versionEndIncluding: "1121", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*", matchCriteriaId: "AFDA34B4-65B4-41A5-AC22-667C8D8FF4B7", vulnerable: true, }, { criteria: "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*", matchCriteriaId: "39B565E1-C2F1-44FC-A517-E3130332B17C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*", matchCriteriaId: "C37BA825-679F-4257-9F2B-CE2318B75396", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*", matchCriteriaId: "97D4FFCF-5309-43B6-9FD5-680C6D535A7F", vulnerable: true, }, { criteria: "cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*", matchCriteriaId: "4545786D-3129-4D92-B218-F4A92428ED48", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*", matchCriteriaId: "5AADD23B-A8AF-4679-990D-C29A1D6EB5CD", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:39.0:*:*:*:*:*:*:*", matchCriteriaId: "7B692B58-6FB8-455F-86C0-35E0F216A736", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox_esr:31.8:*:*:*:*:*:*:*", matchCriteriaId: "FA389FFB-2289-4BFB-90A1-0E7EC42FFCEB", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:seamonkey:2.35:*:*:*:*:*:*:*", matchCriteriaId: "DA79F816-D26E-4A0D-8CD8-994EBB42C822", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:31.8:*:*:*:*:*:*:*", matchCriteriaId: "1C87BCC3-0315-4B3C-BFCD-1E218B475251", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:38.1:*:*:*:*:*:*:*", matchCriteriaId: "4C00748D-ECFC-4ACA-964B-92330FE7B0EE", vulnerable: true, }, { criteria: "cpe:2.3:o:mozilla:firefox_os:2.2:*:*:*:*:*:*:*", matchCriteriaId: "E50128DD-9997-49E6-A47E-6A0B7959B3AA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.", }, { lang: "es", value: "El protocolo TLS 1.2 y anteriores, cuando una suite de cifrado DHE_EXPORT está habilitada en un servidor pero no en un cliente, no transporta una elección DHE_EXPORT, lo que permite a atacantes man-in-the-middle realizar ataques de degradación del cifrado mediante la rescritura de un ClientHello con DHE remplazado por DHE_EXPORT y posteriormente la rescritura de un ServerHello con DHE_EXPORT remplazado por DHE, también conocido como el problema 'Logjam'.", }, ], id: "CVE-2015-4000", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2015-05-21T00:59:00.087", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=143506486712441&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=143557934009303&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=143558092609708&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=143628304012255&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=143637549705650&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=143655800220052&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=143880121627664&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=143880121627664&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=144043644216842&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=144050121701297&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=144060576831314&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=144060606031437&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=144061542602287&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=144069189622016&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=144102017024820&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=144104533800819&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=144493176821532&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=144493176821532&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=145409266329539&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://openwall.com/lists/oss-security/2015/05/20/8", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1072.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1185.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1197.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1228.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1229.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1230.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1241.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1242.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1243.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1485.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1486.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1488.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1526.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1544.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1604.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1624.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2056.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT204941", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT204942", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://support.citrix.com/article/CTX201114", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959111", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959195", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959325", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959453", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959481", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959517", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959530", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959539", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959636", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959812", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21960191", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21961717", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21962455", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21962739", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-304.ibm.com/support/docview.wss?uid=swg21958984", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-304.ibm.com/support/docview.wss?uid=swg21959132", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-304.ibm.com/support/docview.wss?uid=swg21960041", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-304.ibm.com/support/docview.wss?uid=swg21960194", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-304.ibm.com/support/docview.wss?uid=swg21960380", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-304.ibm.com/support/docview.wss?uid=swg21960418", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-304.ibm.com/support/docview.wss?uid=swg21962816", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-304.ibm.com/support/docview.wss?uid=swg21967893", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3287", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3300", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3316", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3324", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3339", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3688", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.fortiguard.com/advisory/2015-05-20-logjam-attack", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.mozilla.org/security/announce/2015/mfsa2015-70.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/74733", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/91787", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032474", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032475", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032476", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032637", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032645", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032647", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032648", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032649", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032650", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032651", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032652", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032653", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032654", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032655", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032656", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032688", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032699", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032702", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032727", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032759", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032777", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032778", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032783", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032784", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032856", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032864", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032865", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032871", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032884", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032910", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032932", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032960", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033019", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033064", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033065", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033067", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033208", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033209", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033210", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033222", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033341", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033385", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033416", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033430", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033433", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033513", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033760", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033891", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033991", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1034087", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1034728", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1034884", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1036218", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040630", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2656-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2656-2", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2673-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2696-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2706-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://bto.bluecoat.com/security-advisory/sa98", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1138554", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10122", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://openssl.org/news/secadv/20150611.txt", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://puppet.com/security/cve/CVE-2015-4000", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201506-02", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201512-10", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201603-11", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201701-46", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20150619-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.citrix.com/article/CTX216642", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://weakdh.org/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://weakdh.org/imperfect-forward-secrecy.pdf", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www-304.ibm.com/support/docview.wss?uid=swg21959745", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv_20150611.txt", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.suse.com/security/cve/CVE-2015-4000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=143506486712441&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=143557934009303&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=143558092609708&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=143628304012255&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=143637549705650&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=143655800220052&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=143880121627664&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=143880121627664&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=144043644216842&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=144050121701297&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=144060576831314&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=144060606031437&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=144061542602287&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=144069189622016&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=144102017024820&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=144104533800819&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=144493176821532&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=144493176821532&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=145409266329539&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://openwall.com/lists/oss-security/2015/05/20/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1072.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1185.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1197.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1228.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1229.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1230.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1241.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1242.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1243.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1485.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1486.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1488.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1526.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1544.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1604.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1624.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT204941", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT204942", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.citrix.com/article/CTX201114", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959111", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959195", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959325", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959453", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959481", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959517", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959530", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959539", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959636", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959812", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21960191", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21961717", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21962455", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21962739", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-304.ibm.com/support/docview.wss?uid=swg21958984", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-304.ibm.com/support/docview.wss?uid=swg21959132", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-304.ibm.com/support/docview.wss?uid=swg21960041", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-304.ibm.com/support/docview.wss?uid=swg21960194", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-304.ibm.com/support/docview.wss?uid=swg21960380", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-304.ibm.com/support/docview.wss?uid=swg21960418", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-304.ibm.com/support/docview.wss?uid=swg21962816", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-304.ibm.com/support/docview.wss?uid=swg21967893", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3287", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3300", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3316", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3324", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3339", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3688", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.fortiguard.com/advisory/2015-05-20-logjam-attack", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.mozilla.org/security/announce/2015/mfsa2015-70.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/74733", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/91787", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032474", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032475", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032476", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032637", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032645", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032647", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032648", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032649", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032650", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032651", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032652", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032653", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032654", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032655", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032656", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032688", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032699", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032702", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032727", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032759", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032777", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032778", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032783", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032784", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032856", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032864", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032865", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032871", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032884", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032910", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032932", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032960", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033019", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033064", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033065", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033067", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033208", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033209", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033210", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033222", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033341", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033385", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033416", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033430", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033433", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033513", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033760", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033891", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033991", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1034087", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1034728", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1034884", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1036218", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040630", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2656-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2656-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2673-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2696-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2706-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://bto.bluecoat.com/security-advisory/sa98", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1138554", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://openssl.org/news/secadv/20150611.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://puppet.com/security/cve/CVE-2015-4000", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201506-02", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201512-10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201603-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201701-46", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20150619-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.citrix.com/article/CTX216642", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://weakdh.org/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://weakdh.org/imperfect-forward-secrecy.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www-304.ibm.com/support/docview.wss?uid=swg21959745", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv_20150611.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.suse.com/security/cve/CVE-2015-4000.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-310", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-06-12 19:59
Modified
2025-04-12 10:46
Severity ?
Summary
The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", matchCriteriaId: "8F73A6A3-0F0C-461D-AA7A-940A9DBBFE92", versionEndIncluding: "0.9.8zf", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "2FBD8C92-6138-4274-ACBA-D7D42DAEC5AC", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", matchCriteriaId: "3A2075BD-6102-4B0F-839A-836E9585F43B", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", matchCriteriaId: "2A2FA09E-2BF7-4968-B62D-00DA57F81EA1", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", matchCriteriaId: "F02E634E-1E3D-4E44-BADA-76F92483A732", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", matchCriteriaId: "FCC2B07A-49EF-411F-8A4D-89435E22B043", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", matchCriteriaId: "7E9480D6-3B6A-4C41-B8C1-C3F945040772", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", matchCriteriaId: "10FF0A06-DA61-4250-B083-67E55E362677", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", matchCriteriaId: "8A6BA453-C150-4159-B80B-5465EFF83F11", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", matchCriteriaId: "638A2E69-8AB6-4FEA-852A-FEF16A500C1A", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", matchCriteriaId: "56C47D3A-B99D-401D-B6B8-1194B2DB4809", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", matchCriteriaId: "08355B10-E004-4BE6-A5AE-4D428810580B", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", matchCriteriaId: "738BCFDC-1C49-4774-95AE-E099F707DEF9", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", matchCriteriaId: "D4B242C0-D27D-4644-AD19-5ACB853C9DC2", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", matchCriteriaId: "8DC683F2-4346-4E5E-A8D7-67B4F4D7827B", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", matchCriteriaId: "764B7D38-BC1B-47DB-B1DF-D092BDA4BFCB", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", matchCriteriaId: "6604E7BE-9F9B-444D-A63A-F65D1CFDF3BF", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", matchCriteriaId: "132B9217-B0E0-4E3E-9096-162AA28E158E", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", matchCriteriaId: "7619F9A0-9054-4217-93D1-3EA64876C5B0", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", matchCriteriaId: "6D82C405-17E2-4DF1-8DF5-315BD5A41595", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", matchCriteriaId: "4C96806F-4718-4BD3-9102-55A26AA86498", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*", matchCriteriaId: "8A16CD99-AF7F-4931-AD2E-77727BA18FBD", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*", matchCriteriaId: "88440697-754A-47A7-BF83-4D0EB68FFB10", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*", matchCriteriaId: "AD51F0FC-F426-4AE5-B3B9-B813C580EBAE", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*", matchCriteriaId: "38721148-F24A-4339-8282-BC2DD9553512", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "2D1C00C0-C77E-4255-9ECA-20F2673C7366", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", matchCriteriaId: "21F16D65-8A46-4AC7-8970-73AB700035FB", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", matchCriteriaId: "92F393FF-7E6F-4671-BFBF-060162E12659", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", matchCriteriaId: "E1B85A09-CF8D-409D-966E-168F9959F6F6", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", matchCriteriaId: "3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", matchCriteriaId: "C684FB18-FDDC-4BED-A28C-C23EE6CD0094", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", matchCriteriaId: "A74A79A7-4FAF-4C81-8622-050008B96AE1", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", matchCriteriaId: "CEDACCB9-8D61-49EE-9957-9E58BC7BB031", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", matchCriteriaId: "4993DD56-F9E3-4AC8-AC3E-BF204B950DEC", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", matchCriteriaId: "E884B241-F9C3-44F8-A420-DE65F5F3D660", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", matchCriteriaId: "3A383620-B4F7-44A7-85DA-A4FF2E115D80", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", matchCriteriaId: "5F0C6812-F455-49CF-B29B-9AC00306DA43", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", matchCriteriaId: "3F2D462C-A1B4-4572-A615-BDE9DC5F1E55", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", matchCriteriaId: "3703E445-17C0-4C85-A496-A35641C0C8DB", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", matchCriteriaId: "2F4034B9-EF1C-40E6-B92A-D4D7B7E7E774", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", matchCriteriaId: "ABEC1927-F469-4B9E-B544-DA6CF90F0B34", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", matchCriteriaId: "DE2188F9-FAF8-4A0C-BB49-E95BDBC119BF", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "AD3E5C1B-EC63-4214-A0BD-0B8681CE6C8B", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", matchCriteriaId: "18797BEE-417D-4959-9AAD-C5A7C051B524", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", matchCriteriaId: "60F946FD-F564-49DA-B043-5943308BA9EE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:sparc-opl_service_processor:*:*:*:*:*:*:*:*", matchCriteriaId: "6AF02A45-1811-44F2-B3C9-90C11F5DF6DF", versionEndIncluding: "1121", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.", }, { lang: "es", value: "La función X509_cmp_time en crypto/x509/x509_vfy.c en OpenSSL anterior a 0.9.8zg, 1.0.0 anterior a 1.0.0s, 1.0.1 anterior a 1.0.1n, y 1.0.2 anterior a 1.0.2b permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango y caída de aplicación) a través de un campo de longitud manipulado en datos ASN1_TIME, tal y como fue demostrado mediante un ataque sobre un servidor que soporta la autenticación de clientes con una rellamada de verificación personalizada.", }, ], id: "CVE-2015-1789", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2015-06-12T19:59:02.507", references: [ { source: "secalert@redhat.com", url: "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015", }, { source: "secalert@redhat.com", url: "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc", }, { source: "secalert@redhat.com", url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694", }, { source: "secalert@redhat.com", url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733", }, { source: "secalert@redhat.com", url: "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html", }, { source: "secalert@redhat.com", url: "http://marc.info/?l=bugtraq&m=143654156615516&w=2", }, { source: "secalert@redhat.com", url: "http://marc.info/?l=bugtraq&m=143880121627664&w=2", }, { source: "secalert@redhat.com", url: "http://marc.info/?l=bugtraq&m=143880121627664&w=2", }, { source: "secalert@redhat.com", url: "http://marc.info/?l=bugtraq&m=144050155601375&w=2", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2015-1115.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2015-1197.html", }, { source: "secalert@redhat.com", url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2015/dsa-3287", }, { source: "secalert@redhat.com", url: "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015", }, { source: "secalert@redhat.com", url: "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/75156", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/91787", }, { source: "secalert@redhat.com", url: "http://www.securitytracker.com/id/1032564", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2639-1", }, { source: "secalert@redhat.com", url: "https://bto.bluecoat.com/security-advisory/sa98", }, { source: "secalert@redhat.com", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "secalert@redhat.com", url: "https://github.com/openssl/openssl/commit/f48b83b4fb7d6689584cf25f61ca63a4891f5b11", }, { source: "secalert@redhat.com", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", }, { source: "secalert@redhat.com", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044", }, { source: "secalert@redhat.com", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", }, { source: "secalert@redhat.com", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667", }, { source: "secalert@redhat.com", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", }, { source: "secalert@redhat.com", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351", }, { source: "secalert@redhat.com", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965", }, { source: "secalert@redhat.com", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10122", }, { source: "secalert@redhat.com", url: "https://openssl.org/news/secadv/20150611.txt", }, { source: "secalert@redhat.com", url: "https://security.gentoo.org/glsa/201506-02", }, { source: "secalert@redhat.com", url: "https://support.apple.com/kb/HT205031", }, { source: "secalert@redhat.com", url: "https://support.citrix.com/article/CTX216642", }, { source: "secalert@redhat.com", url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv_20150611.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=143654156615516&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=143880121627664&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=143880121627664&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=144050155601375&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2015-1115.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2015-1197.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2015/dsa-3287", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/75156", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/91787", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1032564", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2639-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bto.bluecoat.com/security-advisory/sa98", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/openssl/openssl/commit/f48b83b4fb7d6689584cf25f61ca63a4891f5b11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://openssl.org/news/secadv/20150611.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201506-02", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.apple.com/kb/HT205031", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.citrix.com/article/CTX216642", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv_20150611.txt", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-08-24 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux-pam | linux-pam | * | |
oracle | sparc-opl_service_processor | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linux-pam:linux-pam:*:*:*:*:*:*:*:*", matchCriteriaId: "97736CA5-0370-4CA9-B5D4-E157B3E699F5", versionEndIncluding: "1.1.8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:sparc-opl_service_processor:*:*:*:*:*:*:*:*", matchCriteriaId: "6AF02A45-1811-44F2-B3C9-90C11F5DF6DF", versionEndIncluding: "1121", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.", }, { lang: "es", value: "Vulnerabilidad en la función _unix_run_helper_binary en el módulo pam_unix en Linux-PAM (también conocido como pam) en versiones anteriores a 1.2.1, cuando no es posible acceder directamente a las contraseñas, permite a usuarios locales enumerar los nombres de usuario o causar una denegación de servicio (colgado) a través de una contraseña larga.", }, ], id: "CVE-2015-3238", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2015-08-24T14:59:04.010", references: [ { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161350.html", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161249.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1640.html", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2015/06/25/13", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/75428", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2935-1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2935-2", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2935-3", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1228571", }, { source: "secalert@redhat.com", url: "https://security.gentoo.org/glsa/201605-05", }, { source: "secalert@redhat.com", tags: [ "Exploit", ], url: "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-011/?fid=6551", }, { source: "secalert@redhat.com", tags: [ "Exploit", ], url: "https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-against-OpenSSH-SELinux-with-CVE-2015-3238/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161350.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161249.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1640.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2015/06/25/13", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/75428", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2935-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2935-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2935-3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1228571", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201605-05", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-011/?fid=6551", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-against-OpenSSH-SELinux-with-CVE-2015-3238/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }