|
|
|||
Release Date:2015/10/16
Attack Name:SSL SSLv3 Logjam with CBC Cipher TLS_DHE-DSS-AES128-SHA (CVE-2015-4000)
Severity:
BUG ID:
CVE ID:
| Description:
|
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE.
Impact:Information disclosure
Affected System:Windows, Linux, FreeBSD, Solaris, Other Unix, Mac OS
Additional References:CVE-2015-4000
| Solution:
|
Update vendor's patch.