CVE-2015-4000

LOW EPSS 100.0%
Published May 21, 201511y ago · Modified Jun 17, 20262w ago
3.7 CVSS 3.1
Low
Find Similar
Published May 21, 2015 11y ago
Last Modified Jun 17, 2026 2w ago

Description

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

CVSS Details

Base Score
3.7
Exploitability
2.2
Impact
1.4
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
100.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-295
CWE-310

Affected Products 42

VendorProductVersionRange
opensslopenssl*≥1.0.1  –  ≤1.0.1m
opensslopenssl*≥1.0.2  –  ≤1.0.2a
canonicalubuntu_linux12.04any
canonicalubuntu_linux14.04any
canonicalubuntu_linux14.10any
canonicalubuntu_linux15.04any
opensslopenssl* ≤1.0.1m
hphp-uxb.11.31any
ibmcontent_manager8.5any
oraclejrockitr28.3.6any
debiandebian_linux7.0any
debiandebian_linux8.0any
oraclejdk1.6.0any
oraclejdk1.7.0any
oraclejdk1.7.0any
oraclejdk1.8.0any
oraclejdk1.8.0any
oraclejre1.6.0any
oraclejre1.7.0any
oraclejre1.7.0any
oraclejre1.8.0any
oraclejre1.8.0any
suselinux_enterprise_desktop12any
suselinux_enterprise_server11.0any
suselinux_enterprise_software_development_kit12any
susesuse_linux_enterprise_server12any
appleiphone_os* ≤8.3
applemac_os_x* ≤10.10.3
mozillanetwork_security_services3.19any
oraclesparc-opl_service_processor* ≤1121
applesafari*any
googlechrome*any
microsoftinternet_explorer*any
mozillafirefox*any
operaopera_browser*any
mozillafirefox38.1.0any
mozillafirefox39.0any
mozillafirefox_esr31.8any
mozillaseamonkey2.35any
mozillathunderbird31.8any
mozillathunderbird38.1any
mozillafirefox_os2.2any

References 217

  • aix.software.ibm.com http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc
    Third Party Advisory
  • fortiguard.com http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery
    Third Party Advisory
  • ftp.netbsd.org http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
    Mailing ListThird Party Advisory
  • h20564.www2.hpe.com http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402
    Third Party Advisory
  • h20564.www2.hpe.com http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778
    Third Party Advisory
  • kb.juniper.net http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681
    Third Party Advisory
  • kb.juniper.net http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727
    Third Party Advisory
  • lists.apple.com http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
    Mailing ListThird Party Advisory
  • lists.apple.com http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
    Mailing ListThird Party Advisory
  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html
    Mailing ListThird Party Advisory
  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html
    Mailing ListThird Party Advisory
  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html
    Mailing ListThird Party Advisory
  • marc.info http://marc.info/?l=bugtraq&m=143506486712441&w=2
    Mailing ListThird Party Advisory
  • marc.info http://marc.info/?l=bugtraq&m=143557934009303&w=2
    Mailing ListThird Party Advisory
  • marc.info http://marc.info/?l=bugtraq&m=143558092609708&w=2
    Mailing ListThird Party Advisory
  • marc.info http://marc.info/?l=bugtraq&m=143628304012255&w=2
    Mailing ListThird Party Advisory
  • marc.info http://marc.info/?l=bugtraq&m=143637549705650&w=2
    Mailing ListThird Party Advisory
  • marc.info http://marc.info/?l=bugtraq&m=143655800220052&w=2
    Mailing ListThird Party Advisory
  • marc.info http://marc.info/?l=bugtraq&m=143880121627664&w=2
    Mailing ListThird Party Advisory
  • marc.info http://marc.info/?l=bugtraq&m=144043644216842&w=2
    Mailing ListThird Party Advisory
  • marc.info http://marc.info/?l=bugtraq&m=144050121701297&w=2
    Mailing ListThird Party Advisory
  • marc.info http://marc.info/?l=bugtraq&m=144060576831314&w=2
    Mailing ListThird Party Advisory
  • marc.info http://marc.info/?l=bugtraq&m=144060606031437&w=2
    Mailing ListThird Party Advisory
  • marc.info http://marc.info/?l=bugtraq&m=144061542602287&w=2
    Mailing ListThird Party Advisory
  • marc.info http://marc.info/?l=bugtraq&m=144069189622016&w=2
    Mailing ListThird Party Advisory
  • marc.info http://marc.info/?l=bugtraq&m=144102017024820&w=2
    Mailing ListThird Party Advisory
  • marc.info http://marc.info/?l=bugtraq&m=144104533800819&w=2
    Mailing ListThird Party Advisory
  • marc.info http://marc.info/?l=bugtraq&m=144493176821532&w=2
    Mailing ListThird Party Advisory
  • marc.info http://marc.info/?l=bugtraq&m=145409266329539&w=2
    Mailing ListThird Party Advisory
  • openwall.com http://openwall.com/lists/oss-security/2015/05/20/8
    Mailing ListThird Party Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2015-1072.html
    Third Party Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2015-1185.html
    Third Party Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2015-1197.html
    Third Party Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2015-1228.html
    Third Party Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2015-1229.html
    Third Party Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2015-1230.html
    Third Party Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2015-1241.html
    Third Party Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2015-1242.html
    Third Party Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2015-1243.html
    Third Party Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2015-1485.html
    Third Party Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2015-1486.html
    Third Party Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2015-1488.html
    Third Party Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2015-1526.html
    Third Party Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2015-1544.html
    Third Party Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2015-1604.html
    Third Party Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2016-1624.html
    Third Party Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2016-2056.html
    Third Party Advisory
  • support.apple.com http://support.apple.com/kb/HT204941
    Third Party Advisory
  • support.apple.com http://support.apple.com/kb/HT204942
    Third Party Advisory
  • support.citrix.com http://support.citrix.com/article/CTX201114
    Third Party Advisory
  • www-01.ibm.com http://www-01.ibm.com/support/docview.wss?uid=swg21959111
    Third Party Advisory
  • www-01.ibm.com http://www-01.ibm.com/support/docview.wss?uid=swg21959195
    Third Party Advisory
  • www-01.ibm.com http://www-01.ibm.com/support/docview.wss?uid=swg21959325
    Third Party Advisory
  • www-01.ibm.com http://www-01.ibm.com/support/docview.wss?uid=swg21959453
    Third Party Advisory
  • www-01.ibm.com http://www-01.ibm.com/support/docview.wss?uid=swg21959481
    Third Party Advisory
  • www-01.ibm.com http://www-01.ibm.com/support/docview.wss?uid=swg21959517
    Third Party Advisory
  • www-01.ibm.com http://www-01.ibm.com/support/docview.wss?uid=swg21959530
    Third Party Advisory
  • www-01.ibm.com http://www-01.ibm.com/support/docview.wss?uid=swg21959539
    Third Party Advisory
  • www-01.ibm.com http://www-01.ibm.com/support/docview.wss?uid=swg21959636
    Third Party Advisory
  • www-01.ibm.com http://www-01.ibm.com/support/docview.wss?uid=swg21959812
    Third Party Advisory
  • www-01.ibm.com http://www-01.ibm.com/support/docview.wss?uid=swg21960191
    Third Party Advisory
  • www-01.ibm.com http://www-01.ibm.com/support/docview.wss?uid=swg21961717
    Third Party Advisory
  • www-01.ibm.com http://www-01.ibm.com/support/docview.wss?uid=swg21962455
    Third Party Advisory
  • www-01.ibm.com http://www-01.ibm.com/support/docview.wss?uid=swg21962739
    Third Party Advisory
  • www-304.ibm.com http://www-304.ibm.com/support/docview.wss?uid=swg21958984
    Third Party Advisory
  • www-304.ibm.com http://www-304.ibm.com/support/docview.wss?uid=swg21959132
    Third Party Advisory
  • www-304.ibm.com http://www-304.ibm.com/support/docview.wss?uid=swg21960041
    Third Party Advisory
  • www-304.ibm.com http://www-304.ibm.com/support/docview.wss?uid=swg21960194
    Third Party Advisory
  • www-304.ibm.com http://www-304.ibm.com/support/docview.wss?uid=swg21960380
    Third Party Advisory
  • www-304.ibm.com http://www-304.ibm.com/support/docview.wss?uid=swg21960418
    Third Party Advisory
  • www-304.ibm.com http://www-304.ibm.com/support/docview.wss?uid=swg21962816
    Third Party Advisory
  • www-304.ibm.com http://www-304.ibm.com/support/docview.wss?uid=swg21967893
    Third Party Advisory
  • debian.org http://www.debian.org/security/2015/dsa-3287
    Third Party Advisory
  • debian.org http://www.debian.org/security/2015/dsa-3300
    Third Party Advisory
  • debian.org http://www.debian.org/security/2015/dsa-3316
    Third Party Advisory
  • debian.org http://www.debian.org/security/2015/dsa-3324
    Third Party Advisory
  • debian.org http://www.debian.org/security/2015/dsa-3339
    Third Party Advisory
  • debian.org http://www.debian.org/security/2016/dsa-3688
    Third Party Advisory
  • fortiguard.com http://www.fortiguard.com/advisory/2015-05-20-logjam-attack
    Third Party Advisory
  • mozilla.org http://www.mozilla.org/security/announce/2015/mfsa2015-70.html
    Third Party Advisory
  • oracle.com http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
    PatchThird Party Advisory
  • oracle.com http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
    PatchThird Party Advisory
  • oracle.com http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
    Third Party Advisory
  • oracle.com http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
    Third Party Advisory
  • oracle.com http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
    Third Party Advisory
  • oracle.com http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
    Third Party Advisory
  • oracle.com http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
    Third Party Advisory
  • securityfocus.com http://www.securityfocus.com/bid/74733
    Third Party AdvisoryVDB Entry
  • securityfocus.com http://www.securityfocus.com/bid/91787
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032474
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032475
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032476
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032637
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032645
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032647
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032648
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032649
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032650
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032651
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032652
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032653
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032654
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032655
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032656
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032688
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032699
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032702
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032727
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032759
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032777
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032778
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032783
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032784
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032856
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032864
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032865
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032871
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032884
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032910
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032932
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1032960
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1033019
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1033064
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1033065
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1033067
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1033208
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1033209
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1033210
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1033222
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1033341
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1033385
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1033416
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1033430
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1033433
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1033513
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1033760
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1033891
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1033991
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1034087
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1034728
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1034884
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1036218
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1040630
    Third Party AdvisoryVDB Entry
  • solarwinds.com http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm
    Third Party Advisory
  • ubuntu.com http://www.ubuntu.com/usn/USN-2656-1
    Third Party Advisory
  • ubuntu.com http://www.ubuntu.com/usn/USN-2656-2
    Third Party Advisory
  • ubuntu.com http://www.ubuntu.com/usn/USN-2673-1
    Third Party Advisory
  • ubuntu.com http://www.ubuntu.com/usn/USN-2696-1
    Third Party Advisory
  • ubuntu.com http://www.ubuntu.com/usn/USN-2706-1
    Third Party Advisory
  • blog.cloudflare.com https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/
    Third Party Advisory
  • bto.bluecoat.com https://bto.bluecoat.com/security-advisory/sa98
    Third Party Advisory
  • bugzilla.mozilla.org https://bugzilla.mozilla.org/show_bug.cgi?id=1138554
    Issue TrackingThird Party Advisory
  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
    Third Party Advisory
  • developer.mozilla.org https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes
    Third Party Advisory
  • h20564.www2.hp.com https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196
    Third Party Advisory
  • h20564.www2.hpe.com https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140
    Third Party Advisory
  • h20564.www2.hpe.com https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190
    Third Party Advisory
  • h20564.www2.hpe.com https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119
    Third Party Advisory
  • h20564.www2.hpe.com https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241
    Third Party Advisory
  • h20564.www2.hpe.com https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
    Third Party Advisory
  • h20564.www2.hpe.com https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839
    Third Party Advisory
  • h20564.www2.hpe.com https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929
    Third Party Advisory
  • h20564.www2.hpe.com https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789
    Third Party Advisory
  • h20566.www2.hpe.com https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527
    Third Party Advisory
  • h20566.www2.hpe.com https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655
    Third Party Advisory
  • h20566.www2.hpe.com https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
    Third Party Advisory
  • h20566.www2.hpe.com https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722
    Third Party Advisory
  • h20566.www2.hpe.com https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083
    Third Party Advisory
  • help.ecostruxureit.com https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
    Third Party Advisory
  • kc.mcafee.com https://kc.mcafee.com/corporate/index?page=content&id=SB10122
    Third Party Advisory
  • openssl.org https://openssl.org/news/secadv/20150611.txt
    Vendor Advisory
  • puppet.com https://puppet.com/security/cve/CVE-2015-4000
    Third Party Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/201506-02
    Third Party Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/201512-10
    Third Party Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/201603-11
    Third Party Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/201701-46
    Third Party Advisory
  • security.netapp.com https://security.netapp.com/advisory/ntap-20150619-0001/
    Third Party Advisory
  • support.citrix.com https://support.citrix.com/article/CTX216642
    Third Party Advisory
  • support.hpe.com https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us
    Third Party Advisory
  • weakdh.org https://weakdh.org/
    Third Party Advisory
  • weakdh.org https://weakdh.org/imperfect-forward-secrecy.pdf
    Third Party Advisory
  • www-304.ibm.com https://www-304.ibm.com/support/docview.wss?uid=swg21959745
    Third Party Advisory
  • www-947.ibm.com https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403
    Third Party Advisory
  • openssl.org https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
    Vendor Advisory
  • openssl.org https://www.openssl.org/news/secadv_20150611.txt
    Vendor Advisory
  • oracle.com https://www.oracle.com/security-alerts/cpujan2021.html
    Third Party Advisory
  • suse.com https://www.suse.com/security/cve/CVE-2015-4000.html
    Third Party Advisory

Remediation

  • oracle.com http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
    PatchThird Party Advisory
  • oracle.com http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
    PatchThird Party Advisory