SUSE CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHEEXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHEEXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHEEXPORT and then...

SA40002 - [Pulse Secure] June 11th 2015 OpenSSL Security Advisory

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On June 11th, 2015 the OpenSSL project announced a group of new security advisories. These issues may affect Pulse Secure products. The OpenSSL advisory can be found at the following...

Security Bulletin: IBM Spectrum Protect Snapshot for VMware is vulnerable to Logjam (CVE-2015-4000)

Summary IBM Spectrum Protect Snapshot for VMware is vulnerable to Logjam CVE-2015-4000 Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHEEXPORT ciphersuite choice. A...

Security Bulletin: CVE-2015-4000 Diffie-Hellman Export Cipher Suite Vulnerabilities in Multiple N series Products

Summary A vulnerability known as Logjam may affect multiple N series products and the impact is under investigation. Versions 1.2 and earlier of the Transport Layer Security TLS protocol can allow man-in-the-middle MITM attackers to conduct downgrade attacks. Multiple N series Products has...

SUSE: Security Advisory (SUSE-SU-2016:2385-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2016:2209-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: IBM Spectrum Protect Plus vulnerable to Logjam (CVE-2015-4000)

Summary A port used by VADP is reported to be vulnerable to Logjam CVE-2015-4000. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHEEXPORT ciphersuite choice. An...

Security Bulletin: Spectrum Protect Operations Center vulnerable to Logjam (CVE-2015-4000)

Summary A port used by Operations Center is reported to be vulnerable to Logjam CVE-2015-4000. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHEEXPORT ciphersuite...

Security Bulletin: Logjam vulnerability affect IBM Cloud Manager with Openstack (CVE-2015-4000)

Summary IBM Cloud Manager with Openstack is vulnerable to Logjam vulnerability, attackers could exploit them to obtain sensitive information Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failur...

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Tivoli Monitoring (CVE-2015-4000)

Summary The Logjam vulnerability in TLS connections using the Diffie-Hellman DH key exchange protocol affects some components of IBM Tivoli Monitoring ITM. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, cause...

Security Bulletin: DH key exchange protocol vulnerability (“Logjam”) in IBM Java SDK affects IBM SPSS Analytic Server (CVE-2015-4000)

Summary Vulnerabilities in SSL/TLS protocol during key exchange phase using Diffie-Hellman DH ciphersuite, “Logjam” attack, affects IBM Java SDK 1.6, 1.7 that is used by IBM SPSS Analytic Server. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacke...

Security Bulletin: Logjam vulnerability in TLS affects IBM CICS Transaction Gateway (CVE-2015-4000)

Summary The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHEEXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher...

SUSE-SU-2016:2385-1 Security update for libtcnative-1-0

This update for libtcnative-1-0 fixes the following issues: - CVE-2015-4000: Disable 512-bit export-grade cryptography to prevent Logjam vulnerability bsc938945...

openSUSE Security Update : libtcnative-1-0 (openSUSE-2016-1064) (Logjam)

This update for libtcnative-1-0 fixes the following issues : - Disable 512-bit export-grade cryptography to prevent Logjam vulnerability CVE-2015-4000 bsc938945 This update was imported from the SUSE:SLE-12:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptiv...

SUSE SLES12 Security Update : libtcnative-1-0 (SUSE-SU-2016:2209-1) (Logjam)

This update for libtcnative-1-0 fixes the following issues : - Disable 512-bit export-grade cryptography to prevent Logjam vulnerability CVE-2015-4000 bsc938945 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...

SUSE-SU-2016:2209-1 Security update for libtcnative-1-0

This update for libtcnative-1-0 fixes the following issues: - Disable 512-bit export-grade cryptography to prevent Logjam vulnerability CVE-2015-4000 bsc938945...

SUSE-SU-2015:1851-1 Security update for apache2

The Apache2 webserver was updated to fix several issues: Security issues fixed: - The chunked transfer coding implementation in the Apache HTTP Server did not properly parse chunk headers, which allowed remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to...

Mozilla Thunderbird < 38.1 Multiple Vulnerabilities (Logjam)

Binary data 8879.prm...

AIX 6.1 TL 9 : sendmail (IV75643) (Logjam)

The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHEEXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful...

AIX 7.1 TL 3 : sendmail (IV75646) (Logjam)

The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHEEXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful...