RULE(RULE ID:711041)

Rule General Information
Release Date: 2016-03-25
Rule Name: PROTOCOL-SSL TLS DHE_EXPORT Information Disclosure Vulnerability -16 (CVE-2015-4000)
Severity:
CVE ID:
Rule Protection Details
Description: The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
Impact: An attacker can abtain sensitive information of the target victim, and do malicious actions to gain profits using the information.
Affected OS: Solaris, FreeBSD, Windows, Linux, Other Unix, Mac OS
Reference: SecurityFocusBID:74733
SecurityFocusBID:91787
SecurityTrackerID:1032474
SecurityTrackerID:1032475
SecurityTrackerID:1032476
SecurityTrackerID:1032637
SecurityTrackerID:1032645
SecurityTrackerID:1032647
SecurityTrackerID:1032648
SecurityTrackerID:1032649
SecurityTrackerID:1032650
SecurityTrackerID:1032651
SecurityTrackerID:1032652
SecurityTrackerID:1032653
SecurityTrackerID:1032654
SecurityTrackerID:1032655
SecurityTrackerID:1032656
SecurityTrackerID:1032688
SecurityTrackerID:1032699
SecurityTrackerID:1032702
SecurityTrackerID:1032727
SecurityTrackerID:1032759
SecurityTrackerID:1032777
SecurityTrackerID:1032778
SecurityTrackerID:1032783
SecurityTrackerID:1032784
SecurityTrackerID:1032856
SecurityTrackerID:1032864
SecurityTrackerID:1032865
SecurityTrackerID:1032871
SecurityTrackerID:1032884
SecurityTrackerID:1033064
SecurityTrackerID:1033208
SecurityTrackerID:1033209
SecurityTrackerID:1033210
SecurityTrackerID:1033222
SecurityTrackerID:1033341
SecurityTrackerID:1033385
SecurityTrackerID:1033416
SecurityTrackerID:1033430
SecurityTrackerID:1033433
SecurityTrackerID:1033513
SecurityTrackerID:1033760
SecurityTrackerID:1033891
SecurityTrackerID:1033991
SecurityTrackerID:1034087
SecurityTrackerID:1034728
SecurityTrackerID:1034884
Solutions
More advisories have been published on the website, please visit for more suggestions:
https://technet.microsoft.com/en-us/library/security/MS15-055
https://www.openssl.org/news/secadv_20150611.txt
https://weakdh.org/sysadmin.html