Lucene search

K
f5F5F5:K16139
HistoryOct 02, 2015 - 12:00 a.m.

K16139 : OpenSSL vulnerability CVE-2015-0204

2015-10-0200:00:00
my.f5.com
129

6.2 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.954 High

EPSS

Percentile

99.2%

Security Advisory Description

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role. (This CVE-2015-0204 vulnerability is also referred to as FREAK.)

Impact

This vulnerability allows a remote Secure Sockets Layer (SSL) server to present a weak temporary key and downgrade the security of the session.

6.2 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.954 High

EPSS

Percentile

99.2%