Exploit the possiblities
Showing 1 - 25 of 59 RSS Feed

CVE-2015-4000

Status Candidate

Overview

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

Related Files

Gentoo Linux Security Advisory 201701-46
Posted Jan 20, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201701-46 - Multiple vulnerabilities have been found in NSS, the worst of which could allow remote attackers to obtain access to private key information. Versions less than 3.28 are affected.

tags | advisory, remote, vulnerability
systems | linux, gentoo
advisories | CVE-2015-2721, CVE-2015-4000, CVE-2015-7575, CVE-2016-1938, CVE-2016-5285, CVE-2016-8635, CVE-2016-9074
MD5 | 0f6eee195afeafb86e9cd1a3fcd4d929
Red Hat Security Advisory 2016-2056-01
Posted Oct 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2056-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages. Multiple security issues have been addressed.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-3183, CVE-2015-3195, CVE-2015-4000, CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, CVE-2016-2109, CVE-2016-3110, CVE-2016-4459
MD5 | 1ea1f4a4c42e4264c025287799499055
Red Hat Security Advisory 2016-2055-01
Posted Oct 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2055-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-3183, CVE-2015-3195, CVE-2015-4000, CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, CVE-2016-2109, CVE-2016-3110, CVE-2016-4459
MD5 | 0b9225a8efe500fbba09cd0ae097ee1e
Red Hat Security Advisory 2016-2054-01
Posted Oct 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2054-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 7 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-3183, CVE-2015-3195, CVE-2015-4000, CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, CVE-2016-2109, CVE-2016-3110, CVE-2016-4459
MD5 | d2e4c1a95f2124cc43b256a3aa2e0eaf
Debian Security Advisory 3688-1
Posted Oct 6, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3688-1 - Several vulnerabilities were discovered in NSS, the cryptography library developed by the Mozilla project.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-4000, CVE-2015-7181, CVE-2015-7182, CVE-2015-7575, CVE-2016-1938, CVE-2016-1950, CVE-2016-1978, CVE-2016-1979, CVE-2016-2834
MD5 | f4619e3053851042cc54a6396eebc199
HP Security Bulletin HPSBGN03626 1
Posted Jul 1, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03626 1 - A vulnerability in TLS using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" was addressed by HPE Service Manager. The vulnerability could be remotely exploited to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-4000
MD5 | 522d5898d8f465cf41778b140dc495b2
HP Security Bulletin HPSBST03586 1
Posted May 12, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03586 1 - A potential security vulnerability has been identified in HPE 3PAR OS. This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" which could be exploited remotely to allow unauthorized modification. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-4000
MD5 | 6aacd036bb22010c97ed6d33f0dfedde
HP Security Bulletin HPSBGN03373 2
Posted Mar 15, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03373 2 - A potential security vulnerability has been identified with HP Release Control running TLS. A vulnerability in TLS using US export-grade 512-bit keys in Diffie-Hellman key exchange known as Logjam was addressed by HPE Release Control. The vulnerability could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2015-4000
MD5 | 8bdfbc0e67fae91dcc6f8f3c3c006d4b
Gentoo Linux Security Advisory 201603-11
Posted Mar 14, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201603-11 - Multiple vulnerabilities have been found in Oracle's JRE and JDK software suites allowing remote attackers to remotely execute arbitrary code, obtain information, and cause Denial of Service. Versions less than 1.8.0.72 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-0437, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469, CVE-2015-0470, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0484, CVE-2015-0486, CVE-2015-0488, CVE-2015-0491, CVE-2015-0492, CVE-2015-2590, CVE-2015-2601, CVE-2015-2613, CVE-2015-2619, CVE-2015-2621, CVE-2015-2625, CVE-2015-2627, CVE-2015-2628, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2659, CVE-2015-2664, CVE-2015-4000
MD5 | e4876642670a38ddbfa08611323acde6
HP Security Bulletin HPSBGN03533 1
Posted Jan 29, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03533 1 - A potential security vulnerability in the TLS protocol was addressed by the HPE Cloud Service Automation and Codar products. This vulnerability known as "Logjam" could be exploited remotely to allow unauthorized modification. Revision 1 of this advisory.

tags | advisory, protocol
advisories | CVE-2015-4000
MD5 | 5753ad20f07994a0e93a1b6ce4a571f4
HP Security Bulletin HPSBHF03510 1
Posted Jan 29, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03510 1 - A potential security vulnerability has been identified in HP Integrated Lights Out 2/3/4. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. Unlike the TLS server-side version of Logjam, this vulnerability affects the client-side TLS connection on iLO, or when the iLO acts as a client in a client-server connection. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-4000
MD5 | b97907dae89a06f33ea7b50ebce10a80
HP Security Bulletin HPSBUX03435 SSRT102977 1
Posted Jan 8, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03435 SSRT102977 1 - Potential security vulnerabilities have been identified with HP-UX Web Server Suite running Apache on HP-UX 11iv3. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and other impacts including: The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Apache does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters. Revision 1 of this advisory.

tags | advisory, remote, web, denial of service, vulnerability
systems | hpux
advisories | CVE-2015-2808, CVE-2015-3183, CVE-2015-4000
MD5 | 1cda55e822897c1121b018d9729f52c4
HP Security Bulletin HPSBHF03528 1
Posted Dec 17, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03528 1 - A potential security vulnerability has been identified in HP Network Products running VCX. This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" which could be exploited remotely to allow unauthorized modification. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-4000
MD5 | b9fbb5a1ebf6d92f00430547fbba6930
HP Security Bulletin HPSBHF03433 SSRT102964 1
Posted Dec 10, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03433 SSRT102964 1 - A potential security vulnerability has been identified with HP-UX Running Mozilla Firefox and Thunderbird. This may allow remote disclosure of information. Note: This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory, remote
systems | hpux
advisories | CVE-2015-4000
MD5 | 806d5f1ac434a12d15edd0b833863c45
HP Security Bulletin HPSBGN03519 1
Posted Nov 5, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03519 1 - A potential security vulnerability has been identified in HP Project and Portfolio Management Center. This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as " Logjam " which could be exploited remotely resulting in disclosure of information. Note: This vulnerability is in the TLS protocol and not specific to HP Project and Portfolio Management Center. Revision 1 of this advisory.

tags | advisory, protocol
advisories | CVE-2015-4000
MD5 | b9bc51e4391b9d93260c4cbb81e901ba
HP Security Bulletin HPSBUX03512 SSRT102254 1
Posted Oct 16, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03512 SSRT102254 1 - Potential security vulnerabilities have been identified with HP-UX Web Server Suite running Apache. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and other impacts including.. - The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. - The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, web, denial of service, vulnerability
systems | hpux
advisories | CVE-2013-5704, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231, CVE-2015-2808, CVE-2015-3183, CVE-2015-4000
MD5 | 82f686cb2fe6f4d43efcc320d791f31c
HP Security Bulletin HPSBMU03401 1
Posted Sep 1, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03401 1 - Potential security vulnerabilities have been identified in HP Operations Manager for UNIX and Linux. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
systems | linux, unix
advisories | CVE-2015-2808, CVE-2015-4000
MD5 | 751fc658ed041b4717317f869e993569
HP Security Bulletin HPSBGN03407 1
Posted Aug 28, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03407 1 - Potential security vulnerabilities have been identified in HP Operations Manager for Windows. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
systems | windows
advisories | CVE-2015-2808, CVE-2015-4000
MD5 | e88e4106021792d4728ba97d0df61607
HP Security Bulletin HPSBGN03402 2
Posted Aug 27, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03402 2 - Potential security vulnerabilities have been identified in HP Performance Manager. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-2808, CVE-2015-4000
MD5 | c32c736bb5be833a33501bcb5d1d3179
HP Security Bulletin HPSBGN03411 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03411 1 - A potential security vulnerability has been identified in HP Operations Agent Virtual Appliance. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-4000
MD5 | d9d18d1ecd244ad0bbb5a7d6271006f0
HP Security Bulletin HPSBGN03405 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03405 1 - Potential security vulnerabilities have been identified in HP Integration Adaptor. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-2808, CVE-2015-4000
MD5 | 1b1f300abd5f9e471e7d5736c25d31ad
HP Security Bulletin HPSBGN03399 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03399 1 - Potential security vulnerabilities have been identified in HP BSM Connector (BSMC). The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-2808, CVE-2015-4000
MD5 | 39929a18ddcfaa311630199c238cd731
HP Security Bulletin HPSBGN03404 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03404 1 - A potential security vulnerability has been identified in HP Service Health Reporter. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-4000
MD5 | c8210517d713923eb32600885d6adea7
HP Security Bulletin HPSBMU03345 1
Posted Aug 24, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03345 1 - Potential security vulnerabilities have been identified with HP Network Node Manager i and Smart Plugins (iSPIs). The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The SSLv3 vulnerability using US export-grade RSA encryption known as FREAK could be exploited remotely to allow unauthorized . Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-0204, CVE-2015-2808, CVE-2015-4000
MD5 | 16305c839856c915507ccb1978b9dae0
Debian Security Advisory 3339-1
Posted Aug 21, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3339-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, denial of service or insecure cryptography.

tags | advisory, java, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2015-2590, CVE-2015-2601, CVE-2015-2613, CVE-2015-2621, CVE-2015-2625, CVE-2015-2628, CVE-2015-2632, CVE-2015-2808, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760
MD5 | 57e717d64ad9204dbc14777b5ec72e2f
Page 1 of 3
Back123Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close