Description

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

Remediation

References

CVE-2015-4000

Related Vulnerabilities

WordPress Plugin BetterDocs-Best Documentation & Knowledge Base Cross-Site Scripting (1.8.4)

WordPress Plugin W3 Total Cache Information Disclosure (0.9.2.4)

WordPress Plugin Super Store Finder for WordPress (Google Maps Store Locator) Arbitrary File Upload (6.1)

Plone CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-5495)

Oracle Database Server CVE-2014-4245 Vulnerability (CVE-2014-4245)

Severity

Low

Classification

CVE-2015-4000 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities