CVE-2015-4000
CVE-2015-4000 is a low-severity vulnerability in Openssl with a CVSS 3.x base score of 3.7. Its EPSS exploit-prediction score of 100% places it in the 100th percentile, indicating an elevated likelihood of exploitation. The underlying weakness is classified as CWE-310.
Key facts
- Severity: Low (CVSS 3.x base score 3.7)
- CVSS v2: 4.3
- EPSS exploit prediction: 100% (100th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-310
- Affected product: Openssl
- Published:
- Last modified:
Description
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
Frequently asked questions
- What is CVE-2015-4000?
- The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
- How severe is CVE-2015-4000?
- CVE-2015-4000 has a CVSS 3.x base score of 3.7, rated low severity. It is exploitable over network with high attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity low, and availability none.
- Is CVE-2015-4000 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 100% (100th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2015-4000?
- CVE-2015-4000 primarily affects Openssl. In total, 40 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2015-4000?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2015-4000 published?
- CVE-2015-4000 was published on 2015-05-21 and last updated on 2026-06-17.
References
- http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc
- http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery
- http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
- http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402
- http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html
Affected products (40)
- cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:content_manager:8.5:*:*:*:*:enterprise:*:*
- cpe:2.3:a:oracle:jrockit:r28.3.6:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update95:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update75:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update80:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.8.0:update_33:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.8.0:update45:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update_95:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update_75:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update_80:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.8.0:update_33:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.8.0:update_45:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11.0:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.19:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:sparc-opl_service_processor:*:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:39.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.35:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:31.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:38.1:*:*:*:*:*:*:*
- cpe:2.3:o:mozilla:firefox_os:2.2:*:*:*:*:*:*:*
More vulnerabilities in Openssl
- CVE-2009-3245 — Critical (CVSS 10.0): OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c,…
- CVE-2006-3738 — Critical (CVSS 10.0): Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier…
- CVE-2026-31789 — Critical (CVSS 9.8): Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer…
- CVE-2022-2274 — Critical (CVSS 9.8): The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA…
- CVE-2021-3711 — Critical (CVSS 9.8): In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt().…
- CVE-2016-6309 — Critical (CVSS 9.8): statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote…
Other CWE-310 (Cryptographic Issues) vulnerabilities
- CVE-2014-7878 — Critical (CVSS 10.0): The Application Lifecycle Service (ALS) in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived…
- CVE-2013-3712 — Critical (CVSS 10.0): SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses "static" secret tokens, which has…
- CVE-2013-6952 — Critical (CVSS 10.0): The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote…
- CVE-2013-6838 — Critical (CVSS 10.0): An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro (VIP2000)…
- CVE-2013-0137 — Critical (CVSS 10.0): The default configuration of the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189…
- CVE-2011-5123 — Critical (CVSS 10.0): The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not check whether X.509 certificates in…
Browse all CWE-310 (Cryptographic Issues) vulnerabilities →
Threat intelligence
Threat-intel indicators referencing this CVE:
- 218.4.91.163 (ipv4-addr)
- 200.77.172.159 (ipv4-addr)
- 200.196.50.91 (ipv4-addr)
- 166.62.41.190 (ipv4-addr)
- 50.62.22.47 (ipv4-addr)
- 222.99.52.202 (ipv4-addr)
- 191.101.33.225 (ipv4-addr)
- 121.164.135.251 (ipv4-addr)