The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the “FREAK” issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.

OSVersionArchitecturePackageVersionFilename
Debian12allopenssl< 1.0.1k-1openssl_1.0.1k-1_all.deb
Debian11allopenssl< 1.0.1k-1openssl_1.0.1k-1_all.deb
Debian10allopenssl< 1.0.1k-1openssl_1.0.1k-1_all.deb
Debian999allopenssl< 1.0.1k-1openssl_1.0.1k-1_all.deb
Debian13allopenssl< 1.0.1k-1openssl_1.0.1k-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	openssl	< 1.0.1k-1	openssl_1.0.1k-1_all.deb
Debian	11	all	openssl	< 1.0.1k-1	openssl_1.0.1k-1_all.deb
Debian	10	all	openssl	< 1.0.1k-1	openssl_1.0.1k-1_all.deb
Debian	999	all	openssl	< 1.0.1k-1	openssl_1.0.1k-1_all.deb
Debian	13	all	openssl	< 1.0.1k-1	openssl_1.0.1k-1_all.deb

cisa 1

cisco 1

hackerone 1

ibm 82

f5 4

openvas 26

thn 2

nessus 43

ubuntucve 2

veracode 1

openssl 1

cve 6

fortinet 1

checkpoint_security 1

prion 6

cert 1

checkpoint_advisories 2

debiancve 1

debian 2

oraclelinux 3

kitploit 1

osv 1

ubuntu 1

centos 1

redhat 1

securityvulns 2

aix 1

archlinux 1

altlinux 2

cloudfoundry 1

cisa

FREAK

2015-03-06 00:00:00

cisco

OpenSSL RSA Temporary Key Cryptographic Downgrade Vulnerability

2015-01-13 19:57:19

hackerone

Internet Bug Bounty: FREAK: Factoring RSA_EXPORT Keys to Impersonate TLS Servers

2015-03-05 16:18:06

ibm

Security Bulletin: Vulnerability in OpenSSL affects IBM XIV Storage System Gen3 and Gen2 (CVE-2015-0204)

2018-06-18 00:09:22

Security Bulletin: OpenSSL vulnerabilities for Rational Automation Framework Security Advisory (CVE-2015-0204)

2018-06-17 05:01:24

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Chassis Management Module (CMM) (CVE-2015-0204)

2019-01-31 01:55:01

K16139 : OpenSSL vulnerability CVE-2015-0204

2015-10-02 00:00:00

SOL16139 - OpenSSL vulnerability CVE-2015-0204

2015-02-12 00:00:00

K16903 : Microsoft Schannel vulnerability CVE-2015-1637

2015-07-13 00:00:00

openvas

SSL/TLS: RSA Temporary Key Handling 'RSA_EXPORT' Downgrade Issue (FREAK)

2015-03-06 00:00:00

DTLS: Deprecated DTLSv1.0 Detection

2024-01-09 00:00:00

OpenSSL Information Disclosure Vulnerability (20150319 - 4) - Linux

2021-07-29 00:00:00

thn

'FREAK' — New SSL/TLS Vulnerability Explained

2015-03-03 20:30:00

OpenSSL to Patch Undisclosed High Severity Vulnerability this Thursday

2015-07-06 22:12:00

nessus

BlackBerry Enterprise Server SSL/TLS EXPORT_RSA Ciphers Downgrade MitM (KB36811) (FREAK)

2015-03-27 00:00:00

SSL/TLS EXPORT_RSA <= 512-bit Cipher Suites Supported (FREAK)

2015-03-04 00:00:00

F5 Networks BIG-IP : OpenSSL vulnerability (SOL16139) (FREAK)

2015-10-05 00:00:00

ubuntucve

CVE-2015-0204

2015-01-08 00:00:00

CVE-2015-2319

2015-03-18 00:00:00

veracode

Brute Force Decryption

2017-02-10 01:27:34

openssl

Vulnerability in OpenSSL CVE-2015-0204

2015-01-06 00:00:00

cve

CVE-2015-0204

2015-01-09 02:59:00

CVE-2015-2319

2018-01-08 19:29:00

CVE-2015-0138

2015-03-25 01:59:00

fortinet

TLS FREAK Attack

2015-03-04 00:00:00

checkpoint_security

Check Point response to TLS FREAK Attack (CVE-2015-0204)

2015-03-03 22:00:00

prion

Code injection

2015-01-09 02:59:00

Design/Logic Flaw

2018-01-08 19:29:00

Design/Logic Flaw

2015-03-25 01:59:00

cert

SSL/TLS implementations accept export-grade RSA keys (FREAK attack)

2015-03-06 00:00:00

checkpoint_advisories

SSL Export Cipher Suite (CVE-2015-0204; CVE-2015-1637)

2015-03-04 00:00:00

OpenSSL TLS Export Cipher Suite Downgrade (CVE-2015-0204; CVE-2015-1637)

2015-03-04 00:00:00

debiancve

CVE-2015-2319

2018-01-08 19:29:00

debian

[SECURITY] [DLA 132-1] openssl security update

2015-01-11 13:16:17

[SECURITY] [DSA 3125-1] openssl security update

2015-01-11 11:05:13

oraclelinux

openssl security update

2015-02-26 00:00:00

openssl security update

2015-01-20 00:00:00

openssl security update

2015-04-13 00:00:00

kitploit

A2SV - Auto Scanning to SSL Vulnerability

2016-08-06 14:46:00

osv

openssl - security update

2015-01-11 00:00:00

ubuntu

OpenSSL vulnerabilities

2015-01-12 00:00:00

centos

openssl security update

2015-01-20 21:00:39

redhat

(RHSA-2015:0066) Moderate: openssl security update

2015-01-20 00:00:00

securityvulns

[USN-2459-1] OpenSSL vulnerabilities

2015-01-13 00:00:00

OpenSSL multiple security vulnerabilities

2015-01-13 00:00:00

aix

Multiple Security vulnerabilities in AIX OpenSSL

2015-02-04 06:24:41

archlinux

openssl: multiple issues

2015-01-09 00:00:00

altlinux

Security fix for the ALT Linux 7 package openssl10 version 1.0.1k-alt0.M70P.1

2015-01-12 00:00:00

Security fix for the ALT Linux 6 package openssl10 version 1.0.0p-alt0.M60P.1

2015-04-23 00:00:00

cloudfoundry

USN-2537-1: OpenSSL vulnerabilities | Cloud Foundry

2015-03-21 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.948 High

EPSS

Percentile

99.2%

JSON

Related for DEBIANCVE:CVE-2015-0204