apple safari CVE-2015-4000 vulnerability in Apple and Other Products
Published on May 21, 2015

product logo product logo product logo product logo product logo product logo product logo product logo product logo product logo product logo product logo product logo product logo product logo product logo
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD


Products Associated with CVE-2015-4000

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2015-4000 are published in these products:

Apple Safari
 
Google Chrome
 
IBM Content Manager
 
Mozilla Firefox
 
Mozilla FireFox Extended Support Release (ESR)
 
Mozilla Network Security Services
 
Mozilla SeaMonkey
 
Mozilla Thunderbird
 
OpenSSL
 
Opera Browser
 
Oracle Jdk
 
Oracle Java
 
Oracle Jrockit
 
Oracle Sparc Opl Service Processor
 
Apple iOS
 
Apple macOS
 
Canonical Ubuntu Linux
 
Debian Linux
 
Mozilla Firefox Os
 
Suse Linux Enterprise Desktop
 
Suse Linux Enterprise Server
 
Suse Linux Enterprise Software Development Kit
 
Suse Linux Enterprise Server
 
Microsoft Internet Explorer (IE)
 

Exploit Probability

EPSS
93.90%
Percentile
99.87%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.