Lucene search

Veracode Vulnerability DatabaseVERACODE:11685

HistoryJan 15, 2019 - 9:06 a.m.

Man-in-the-Middle (MitM)

2019-01-1509:06:07

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

openssl is vulnerable to man-in-the-middle (MitM) attacks. The vulnerability exists as the TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the “Logjam” issue.

CPENameOperatorVersion
openssleq1.0.0__4.el6_0.2
openssleq1.0.1e__16.el6_5.4
openssleq0.9.8e__31.el5_11
openssleq0.9.8e__22.el5
openssleq1.0.0__10.el6
openssleq1.0.1e__16.el6_5.14
openssleq1.0.0__20.el6_2.3
openssleq1.0.0__27.el6_4.2
openssleq1.0.1e__16.el6_5.1
openssleq1.0.0__20.el6_2.2

Name	Operator	Version
openssl	eq	1.0.0__4.el6_0.2
openssl	eq	1.0.1e__16.el6_5.4
openssl	eq	0.9.8e__31.el5_11
openssl	eq	0.9.8e__22.el5
openssl	eq	1.0.0__10.el6
openssl	eq	1.0.1e__16.el6_5.14
openssl	eq	1.0.0__20.el6_2.3
openssl	eq	1.0.0__27.el6_4.2
openssl	eq	1.0.1e__16.el6_5.1
openssl	eq	1.0.0__20.el6_2.2

Rows per page:

1-10 of 4321

References

aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc

fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery

ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc

h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402

h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778

kb.juniper.net/InfoCenter/index?page=content&id=JSA10681

kb.juniper.net/InfoCenter/index?page=content&id=JSA10727

lists.apple.com/archives/security-announce/2015/Jun/msg00001.html

lists.apple.com/archives/security-announce/2015/Jun/msg00002.html

lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html

lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html

lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html

lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html

lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html

lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html

lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html

lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html

lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html

lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html

lists.opensuse.org/opensuse-updates/2015-07/msg00016.html

lists.opensuse.org/opensuse-updates/2015-10/msg00011.html

lists.opensuse.org/opensuse-updates/2016-02/msg00094.html

lists.opensuse.org/opensuse-updates/2016-02/msg00097.html

marc.info/?l=bugtraq&m=143506486712441&w=2

marc.info/?l=bugtraq&m=143557934009303&w=2

marc.info/?l=bugtraq&m=143558092609708&w=2

marc.info/?l=bugtraq&m=143628304012255&w=2

marc.info/?l=bugtraq&m=143637549705650&w=2

marc.info/?l=bugtraq&m=143655800220052&w=2

marc.info/?l=bugtraq&m=143880121627664&w=2

marc.info/?l=bugtraq&m=144043644216842&w=2

marc.info/?l=bugtraq&m=144050121701297&w=2

marc.info/?l=bugtraq&m=144060576831314&w=2

marc.info/?l=bugtraq&m=144060606031437&w=2

marc.info/?l=bugtraq&m=144061542602287&w=2

marc.info/?l=bugtraq&m=144069189622016&w=2

marc.info/?l=bugtraq&m=144102017024820&w=2

marc.info/?l=bugtraq&m=144104533800819&w=2

marc.info/?l=bugtraq&m=144493176821532&w=2

marc.info/?l=bugtraq&m=145409266329539&w=2

openwall.com/lists/oss-security/2015/05/20/8

rhn.redhat.com/errata/RHSA-2015-1072.html

rhn.redhat.com/errata/RHSA-2015-1185.html

rhn.redhat.com/errata/RHSA-2015-1197.html

rhn.redhat.com/errata/RHSA-2015-1228.html

rhn.redhat.com/errata/RHSA-2015-1229.html

rhn.redhat.com/errata/RHSA-2015-1230.html

rhn.redhat.com/errata/RHSA-2015-1241.html

rhn.redhat.com/errata/RHSA-2015-1242.html

rhn.redhat.com/errata/RHSA-2015-1243.html

rhn.redhat.com/errata/RHSA-2015-1485.html

rhn.redhat.com/errata/RHSA-2015-1486.html

rhn.redhat.com/errata/RHSA-2015-1488.html

rhn.redhat.com/errata/RHSA-2015-1526.html

rhn.redhat.com/errata/RHSA-2015-1544.html

rhn.redhat.com/errata/RHSA-2015-1604.html

rhn.redhat.com/errata/RHSA-2016-1624.html

rhn.redhat.com/errata/RHSA-2016-2056.html

support.apple.com/kb/HT204941

support.apple.com/kb/HT204942

support.citrix.com/article/CTX201114

www-01.ibm.com/support/docview.wss?uid=swg21959111

www-01.ibm.com/support/docview.wss?uid=swg21959195

www-01.ibm.com/support/docview.wss?uid=swg21959325

www-01.ibm.com/support/docview.wss?uid=swg21959453

www-01.ibm.com/support/docview.wss?uid=swg21959481

www-01.ibm.com/support/docview.wss?uid=swg21959517

www-01.ibm.com/support/docview.wss?uid=swg21959530

www-01.ibm.com/support/docview.wss?uid=swg21959539

www-01.ibm.com/support/docview.wss?uid=swg21959636

www-01.ibm.com/support/docview.wss?uid=swg21959812

www-01.ibm.com/support/docview.wss?uid=swg21960191

www-01.ibm.com/support/docview.wss?uid=swg21961717

www-01.ibm.com/support/docview.wss?uid=swg21962455

www-01.ibm.com/support/docview.wss?uid=swg21962739

www-304.ibm.com/support/docview.wss?uid=swg21958984

www-304.ibm.com/support/docview.wss?uid=swg21959132

www-304.ibm.com/support/docview.wss?uid=swg21960041

www-304.ibm.com/support/docview.wss?uid=swg21960194

www-304.ibm.com/support/docview.wss?uid=swg21960380

www-304.ibm.com/support/docview.wss?uid=swg21960418

www-304.ibm.com/support/docview.wss?uid=swg21962816

www-304.ibm.com/support/docview.wss?uid=swg21967893

www.debian.org/security/2015/dsa-3287

www.debian.org/security/2015/dsa-3300

www.debian.org/security/2015/dsa-3316

www.debian.org/security/2015/dsa-3324

www.debian.org/security/2015/dsa-3339

www.debian.org/security/2016/dsa-3688

www.fortiguard.com/advisory/2015-05-20-logjam-attack

www.mozilla.org/security/announce/2015/mfsa2015-70.html

www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

www.securityfocus.com/bid/74733

www.securityfocus.com/bid/91787

www.securitytracker.com/id/1032474

www.securitytracker.com/id/1032475

www.securitytracker.com/id/1032476

www.securitytracker.com/id/1032637

www.securitytracker.com/id/1032645

www.securitytracker.com/id/1032647

www.securitytracker.com/id/1032648

www.securitytracker.com/id/1032649

www.securitytracker.com/id/1032650

www.securitytracker.com/id/1032651

www.securitytracker.com/id/1032652

www.securitytracker.com/id/1032653

www.securitytracker.com/id/1032654

www.securitytracker.com/id/1032655

www.securitytracker.com/id/1032656

www.securitytracker.com/id/1032688

www.securitytracker.com/id/1032699

www.securitytracker.com/id/1032702

www.securitytracker.com/id/1032727

www.securitytracker.com/id/1032759

www.securitytracker.com/id/1032777

www.securitytracker.com/id/1032778

www.securitytracker.com/id/1032783

www.securitytracker.com/id/1032784

www.securitytracker.com/id/1032856

www.securitytracker.com/id/1032864

www.securitytracker.com/id/1032865

www.securitytracker.com/id/1032871

www.securitytracker.com/id/1032884

www.securitytracker.com/id/1032910

www.securitytracker.com/id/1032932

www.securitytracker.com/id/1032960

www.securitytracker.com/id/1033019

www.securitytracker.com/id/1033064

www.securitytracker.com/id/1033065

www.securitytracker.com/id/1033067

www.securitytracker.com/id/1033208

www.securitytracker.com/id/1033209

www.securitytracker.com/id/1033210

www.securitytracker.com/id/1033222

www.securitytracker.com/id/1033341

www.securitytracker.com/id/1033385

www.securitytracker.com/id/1033416

www.securitytracker.com/id/1033430

www.securitytracker.com/id/1033433

www.securitytracker.com/id/1033513

www.securitytracker.com/id/1033760

www.securitytracker.com/id/1033891

www.securitytracker.com/id/1033991

www.securitytracker.com/id/1034087

www.securitytracker.com/id/1034728

www.securitytracker.com/id/1034884

www.securitytracker.com/id/1036218

www.securitytracker.com/id/1040630

www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm

www.ubuntu.com/usn/USN-2656-1

www.ubuntu.com/usn/USN-2656-2

www.ubuntu.com/usn/USN-2673-1

www.ubuntu.com/usn/USN-2696-1

www.ubuntu.com/usn/USN-2706-1

access.redhat.com/articles/1456263

access.redhat.com/security/updates/classification/#moderate

blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/

bto.bluecoat.com/security-advisory/sa98

bugzilla.mozilla.org/show_bug.cgi?id=1138554

cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes

h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083

help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes

kc.mcafee.com/corporate/index?page=content&id=SB10122

openssl.org/news/secadv/20150611.txt

puppet.com/security/cve/CVE-2015-4000

rhn.redhat.com/errata/RHSA-2015-1072.html

security.gentoo.org/glsa/201506-02

security.gentoo.org/glsa/201512-10

security.gentoo.org/glsa/201603-11

security.gentoo.org/glsa/201701-46

security.netapp.com/advisory/ntap-20150619-0001/

support.citrix.com/article/CTX216642

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us

weakdh.org/

weakdh.org/imperfect-forward-secrecy.pdf

www-304.ibm.com/support/docview.wss?uid=swg21959745

www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403

www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/

www.openssl.org/news/secadv_20150611.txt

www.oracle.com/security-alerts/cpujan2021.html

www.suse.com/security/cve/CVE-2015-4000.html

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Related for VERACODE:11685