CVE-2015-0204 - Vulnerability Details

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Openssl	Openssl
Redhat	Enterprise Linux Jboss Enterprise Application Platform Jboss Enterprise Web Server

Configuration 1 [-]

OR	cpe:2.3:a:openssl:openssl::::::::
	cpe:2.3:a:openssl:openssl:1.0.0a:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0b:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0c:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0d:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0e:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0f:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0g:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0h:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0i:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0j:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0k:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0l:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0m:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0n:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0o:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1a:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1b:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1c:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1d:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1e:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1f:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1g:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1h:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1i:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1j:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5
openssl-0:0.9.8e-33.el5_11	cpe:/o:redhat:enterprise_linux:5	RHSA-2015:0800	2015-04-13T00:00:00Z
Red Hat Enterprise Linux 6
openssl-0:1.0.1e-30.el6_6.5	cpe:/o:redhat:enterprise_linux:6	RHSA-2015:0066	2015-01-21T00:00:00Z
Red Hat Enterprise Linux 7
openssl-1:1.0.1e-34.el7_0.7	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:0066	2015-01-21T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4
	cpe:/a:redhat:jboss_enterprise_application_platform:6.4	RHSA-2015:0849	2015-04-16T00:00:00Z
Red Hat JBoss Web Server 2.1
openssl	cpe:/a:redhat:jboss_enterprise_web_server:2.1	RHSA-2016:1650	2016-08-22T00:00:00Z
Red Hat JBoss Web Server 3.0
	cpe:/a:redhat:jboss_enterprise_web_server:3.0	RHEA-2015:0955	2015-05-13T00:00:00Z

References

Link	Providers
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://marc.info/?l=bugtraq&m=142496179803395&w=2
http://marc.info/?l=bugtraq&m=142496289803847&w=2
http://marc.info/?l=bugtraq&m=142720981827617&w=2
http://marc.info/?l=bugtraq&m=142721102728110&w=2
http://marc.info/?l=bugtraq&m=142895206924048&w=2
http://marc.info/?l=bugtraq&m=143213830203296&w=2
http://marc.info/?l=bugtraq&m=143748090628601&w=2
http://marc.info/?l=bugtraq&m=144043644216842&w=2
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://marc.info/?l=bugtraq&m=144050205101530&w=2
http://marc.info/?l=bugtraq&m=144050254401665&w=2
http://marc.info/?l=bugtraq&m=144050297101809&w=2
http://rhn.redhat.com/errata/RHSA-2015-0066.html
http://rhn.redhat.com/errata/RHSA-2015-0800.html
http://rhn.redhat.com/errata/RHSA-2015-0849.html
http://rhn.redhat.com/errata/RHSA-2016-1650.html
http://support.novell.com/security/cve/CVE-2015-0204.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl
http://www-01.ibm.com/support/docview.wss?uid=swg21883640
http://www-304.ibm.com/support/docview.wss?uid=swg21960769
http://www.debian.org/security/2015/dsa-3125
http://www.mandriva.com/security/advisories?name=MDVSA-2015:019
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://www.mandriva.com/security/advisories?name=MDVSA-2015:063
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.securityfocus.com/bid/71936
http://www.securityfocus.com/bid/91787
http://www.securitytracker.com/id/1033378
https://bto.bluecoat.com/security-advisory/sa88
https://bto.bluecoat.com/security-advisory/sa91
https://exchange.xforce.ibmcloud.com/vulnerabilities/99707
https://freakattack.com/
https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241
https://kc.mcafee.com/corporate/index?page=content&id=SB10102
https://kc.mcafee.com/corporate/index?page=content&id=SB10108
https://kc.mcafee.com/corporate/index?page=content&id=SB10110
https://nvd.nist.gov/vuln/detail/CVE-2015-0204
https://security.gentoo.org/glsa/201503-11
https://securityblog.redhat.com/2015/03/04/factoring-rsa-export-keys-freak-cve-2015-0204/
https://support.apple.com/HT204659
https://support.citrix.com/article/CTX216642
https://www.cve.org/CVERecord?id=CVE-2015-0204
https://www.openssl.org/news/secadv_20150108.txt
https://www.openssl.org/news/secadv_20150319.txt

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2015-01-09T02:00:00

Updated: 2024-08-06T04:03:10.552Z

Reserved: 2014-11-18T00:00:00

Link: CVE-2015-0204

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2015-01-09T02:59:10.287

Modified: 2025-04-12T10:46:40.837

Link: CVE-2015-0204

Redhat

Severity : Moderate

Publid Date: 2015-01-06T00:00:00Z

Links: CVE-2015-0204 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-01-08T00:00:00", "descriptions": [{"lang": "en", "value": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the \"FREAK\" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-07-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "SUSE-SU-2015:2182", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10110"}, {"name": "HPSBOV03318", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=142895206924048&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"}, {"name": "openSUSE-SU-2015:0130", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"}, {"name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"}, {"name": "HPSBGN03299", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=142720981827617&w=2"}, {"name": "71936", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/71936"}, {"name": "SUSE-SU-2015:2192", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"}, {"name": "HPSBMU03409", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT204659"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.openssl.org/news/secadv_20150319.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960769"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"}, {"name": "HPSBMU03380", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=143748090628601&w=2"}, {"name": "HPSBMU03345", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=144043644216842&w=2"}, {"name": "RHSA-2015:0849", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"}, {"name": "1033378", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1033378"}, {"name": "HPSBHF03289", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=142721102728110&w=2"}, {"name": "openSUSE-SU-2016:0640", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.openssl.org/news/secadv_20150108.txt"}, {"name": "MDVSA-2015:019", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"}, {"name": "SUSE-SU-2015:2166", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"name": "openssl-cve20150204-weak-security(99707)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99707"}, {"name": "RHSA-2015:0066", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.novell.com/security/cve/CVE-2015-0204.html"}, {"name": "HPSBUX03334", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=143213830203296&w=2"}, {"tags": ["x_refsource_MISC"], "url": "https://freakattack.com/"}, {"name": "MDVSA-2015:063", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"}, {"name": "HPSBUX03244", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=142496289803847&w=2"}, {"name": "APPLE-SA-2015-04-08-2", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"}, {"name": "SUSE-SU-2015:1138", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10108"}, {"name": "SUSE-SU-2015:0578", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"}, {"name": "SUSE-SU-2015:2216", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10102"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bto.bluecoat.com/security-advisory/sa91"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241"}, {"name": "SUSE-SU-2015:1086", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"}, {"name": "SUSE-SU-2015:0946", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"}, {"name": "HPSBMU03397", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=144050297101809&w=2"}, {"name": "91787", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/91787"}, {"name": "RHSA-2016:1650", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"}, {"name": "RHSA-2015:0800", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0800.html"}, {"name": "SSRT102000", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=143213830203296&w=2"}, {"name": "HPSBMU03396", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=144050205101530&w=2"}, {"name": "HPSBUX03162", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=142496179803395&w=2"}, {"name": "SSRT101987", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=142720981827617&w=2"}, {"name": "MDVSA-2015:062", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"}, {"name": "SUSE-SU-2015:2168", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html"}, {"name": "SUSE-SU-2015:1085", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.citrix.com/article/CTX216642"}, {"name": "HPSBMU03413", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=144050254401665&w=2"}, {"name": "SUSE-SU-2015:1161", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"}, {"name": "SSRT101885", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=142496289803847&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bto.bluecoat.com/security-advisory/sa88"}, {"name": "GLSA-201503-11", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201503-11"}, {"name": "DSA-3125", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3125"}, {"name": "SUSE-SU-2016:0113", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-0204", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the \"FREAK\" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SUSE-SU-2015:2182", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html"}, {"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10110", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10110"}, {"name": "HPSBOV03318", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=142895206924048&w=2"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"}, {"name": "openSUSE-SU-2015:0130", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"}, {"name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"}, {"name": "HPSBGN03299", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=142720981827617&w=2"}, {"name": "71936", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71936"}, {"name": "SUSE-SU-2015:2192", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"}, {"name": "HPSBMU03409", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2"}, {"name": "https://support.apple.com/HT204659", "refsource": "CONFIRM", "url": "https://support.apple.com/HT204659"}, {"name": "https://www.openssl.org/news/secadv_20150319.txt", "refsource": "CONFIRM", "url": "https://www.openssl.org/news/secadv_20150319.txt"}, {"name": "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", "refsource": "CONFIRM", "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960769"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"}, {"name": "HPSBMU03380", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=143748090628601&w=2"}, {"name": "HPSBMU03345", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=144043644216842&w=2"}, {"name": "RHSA-2015:0849", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"}, {"name": "1033378", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033378"}, {"name": "HPSBHF03289", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=142721102728110&w=2"}, {"name": "openSUSE-SU-2016:0640", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"}, {"name": "https://www.openssl.org/news/secadv_20150108.txt", "refsource": "CONFIRM", "url": "https://www.openssl.org/news/secadv_20150108.txt"}, {"name": "MDVSA-2015:019", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"}, {"name": "SUSE-SU-2015:2166", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html"}, {"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"name": "openssl-cve20150204-weak-security(99707)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99707"}, {"name": "RHSA-2015:0066", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"}, {"name": "http://support.novell.com/security/cve/CVE-2015-0204.html", "refsource": "CONFIRM", "url": "http://support.novell.com/security/cve/CVE-2015-0204.html"}, {"name": "HPSBUX03334", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=143213830203296&w=2"}, {"name": "https://freakattack.com/", "refsource": "MISC", "url": "https://freakattack.com/"}, {"name": "MDVSA-2015:063", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"}, {"name": "HPSBUX03244", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=142496289803847&w=2"}, {"name": "APPLE-SA-2015-04-08-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"}, {"name": "SUSE-SU-2015:1138", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10108", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10108"}, {"name": "SUSE-SU-2015:0578", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"}, {"name": "SUSE-SU-2015:2216", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html"}, {"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10102", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10102"}, {"name": "https://bto.bluecoat.com/security-advisory/sa91", "refsource": "CONFIRM", "url": "https://bto.bluecoat.com/security-advisory/sa91"}, {"name": "https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0", "refsource": "CONFIRM", "url": "https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0"}, {"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", "refsource": "CONFIRM", "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241"}, {"name": "SUSE-SU-2015:1086", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"}, {"name": "SUSE-SU-2015:0946", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"}, {"name": "HPSBMU03397", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=144050297101809&w=2"}, {"name": "91787", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91787"}, {"name": "RHSA-2016:1650", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"}, {"name": "RHSA-2015:0800", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0800.html"}, {"name": "SSRT102000", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=143213830203296&w=2"}, {"name": "HPSBMU03396", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=144050205101530&w=2"}, {"name": "HPSBUX03162", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=142496179803395&w=2"}, {"name": "SSRT101987", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=142720981827617&w=2"}, {"name": "MDVSA-2015:062", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"}, {"name": "SUSE-SU-2015:2168", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html"}, {"name": "SUSE-SU-2015:1085", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"}, {"name": "https://support.citrix.com/article/CTX216642", "refsource": "CONFIRM", "url": "https://support.citrix.com/article/CTX216642"}, {"name": "HPSBMU03413", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=144050254401665&w=2"}, {"name": "SUSE-SU-2015:1161", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"}, {"name": "SSRT101885", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=142496289803847&w=2"}, {"name": "https://bto.bluecoat.com/security-advisory/sa88", "refsource": "CONFIRM", "url": "https://bto.bluecoat.com/security-advisory/sa88"}, {"name": "GLSA-201503-11", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201503-11"}, {"name": "DSA-3125", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3125"}, {"name": "SUSE-SU-2016:0113", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:03:10.552Z"}, "title": "CVE Program Container", "references": [{"name": "SUSE-SU-2015:2182", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10110"}, {"name": "HPSBOV03318", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=142895206924048&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"}, {"name": "openSUSE-SU-2015:0130", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"}, {"name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"}, {"name": "HPSBGN03299", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=142720981827617&w=2"}, {"name": "71936", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/71936"}, {"name": "SUSE-SU-2015:2192", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"}, {"name": "HPSBMU03409", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT204659"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.openssl.org/news/secadv_20150319.txt"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960769"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"}, {"name": "HPSBMU03380", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=143748090628601&w=2"}, {"name": "HPSBMU03345", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=144043644216842&w=2"}, {"name": "RHSA-2015:0849", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"}, {"name": "1033378", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1033378"}, {"name": "HPSBHF03289", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=142721102728110&w=2"}, {"name": "openSUSE-SU-2016:0640", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.openssl.org/news/secadv_20150108.txt"}, {"name": "MDVSA-2015:019", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"}, {"name": "SUSE-SU-2015:2166", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"name": "openssl-cve20150204-weak-security(99707)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99707"}, {"name": "RHSA-2015:0066", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.novell.com/security/cve/CVE-2015-0204.html"}, {"name": "HPSBUX03334", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=143213830203296&w=2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://freakattack.com/"}, {"name": "MDVSA-2015:063", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"}, {"name": "HPSBUX03244", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=142496289803847&w=2"}, {"name": "APPLE-SA-2015-04-08-2", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"}, {"name": "SUSE-SU-2015:1138", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10108"}, {"name": "SUSE-SU-2015:0578", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"}, {"name": "SUSE-SU-2015:2216", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10102"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bto.bluecoat.com/security-advisory/sa91"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241"}, {"name": "SUSE-SU-2015:1086", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"}, {"name": "SUSE-SU-2015:0946", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"}, {"name": "HPSBMU03397", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=144050297101809&w=2"}, {"name": "91787", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/91787"}, {"name": "RHSA-2016:1650", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"}, {"name": "RHSA-2015:0800", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0800.html"}, {"name": "SSRT102000", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=143213830203296&w=2"}, {"name": "HPSBMU03396", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=144050205101530&w=2"}, {"name": "HPSBUX03162", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=142496179803395&w=2"}, {"name": "SSRT101987", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=142720981827617&w=2"}, {"name": "MDVSA-2015:062", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"}, {"name": "SUSE-SU-2015:2168", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html"}, {"name": "SUSE-SU-2015:1085", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.citrix.com/article/CTX216642"}, {"name": "HPSBMU03413", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=144050254401665&w=2"}, {"name": "SUSE-SU-2015:1161", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"}, {"name": "SSRT101885", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=142496289803847&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bto.bluecoat.com/security-advisory/sa88"}, {"name": "GLSA-201503-11", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201503-11"}, {"name": "DSA-3125", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3125"}, {"name": "SUSE-SU-2016:0113", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-0204", "datePublished": "2015-01-09T02:00:00", "dateReserved": "2014-11-18T00:00:00", "dateUpdated": "2024-08-06T04:03:10.552Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCFDFDB8-6939-44E8-8B2D-C84D008AE169", "versionEndIncluding": "0.9.8zc", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "matchCriteriaId": "10FF0A06-DA61-4250-B083-67E55E362677", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "matchCriteriaId": "8A6BA453-C150-4159-B80B-5465EFF83F11", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "matchCriteriaId": "638A2E69-8AB6-4FEA-852A-FEF16A500C1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "matchCriteriaId": "56C47D3A-B99D-401D-B6B8-1194B2DB4809", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "matchCriteriaId": "08355B10-E004-4BE6-A5AE-4D428810580B", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "matchCriteriaId": "738BCFDC-1C49-4774-95AE-E099F707DEF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "matchCriteriaId": "D4B242C0-D27D-4644-AD19-5ACB853C9DC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "matchCriteriaId": "8DC683F2-4346-4E5E-A8D7-67B4F4D7827B", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "matchCriteriaId": "764B7D38-BC1B-47DB-B1DF-D092BDA4BFCB", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "matchCriteriaId": "6604E7BE-9F9B-444D-A63A-F65D1CFDF3BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "matchCriteriaId": "132B9217-B0E0-4E3E-9096-162AA28E158E", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", "matchCriteriaId": "7619F9A0-9054-4217-93D1-3EA64876C5B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "matchCriteriaId": "6D82C405-17E2-4DF1-8DF5-315BD5A41595", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", "matchCriteriaId": "4C96806F-4718-4BD3-9102-55A26AA86498", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*", "matchCriteriaId": "8A16CD99-AF7F-4931-AD2E-77727BA18FBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "matchCriteriaId": "3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "matchCriteriaId": "C684FB18-FDDC-4BED-A28C-C23EE6CD0094", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "matchCriteriaId": "A74A79A7-4FAF-4C81-8622-050008B96AE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "matchCriteriaId": "CEDACCB9-8D61-49EE-9957-9E58BC7BB031", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "matchCriteriaId": "4993DD56-F9E3-4AC8-AC3E-BF204B950DEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "matchCriteriaId": "E884B241-F9C3-44F8-A420-DE65F5F3D660", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "matchCriteriaId": "3A383620-B4F7-44A7-85DA-A4FF2E115D80", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "matchCriteriaId": "5F0C6812-F455-49CF-B29B-9AC00306DA43", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "matchCriteriaId": "3F2D462C-A1B4-4572-A615-BDE9DC5F1E55", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "matchCriteriaId": "3703E445-17C0-4C85-A496-A35641C0C8DB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the \"FREAK\" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations."}, {"lang": "es", "value": "La funci\u00f3n ssl3_get_key_exchange en s3_clnt.c en OpenSSL en versiones anteriores a 0.9.8zd, 1.0.0 en versiones anteriores a 1.0.0p y 1.0.1 en versiones anteriores a 1.0.1k permite a servidores SSL remotos llevar a cabo ataques de degradaci\u00f3n de versi\u00f3n RSA-a-EXPORT_RSA y facilitar el descifrado de fuerza bruta ofreciendo una clave RSA ef\u00edmera d\u00e9bil en un rol no sumiso, relacionado con el caso \"FREAK\" . NOTA: el alcance de esta CVE es solo c\u00f3digo cliente basado en OpenSSL, no un problema de EXPORT_RSA asociado con servidores u otras implementaciones TLS."}], "id": "CVE-2015-0204", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-01-09T02:59:10.287", "references": [{"source": "secalert@redhat.com", "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679"}, {"source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq&m=142496179803395&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq&m=142496289803847&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq&m=142496289803847&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq&m=142720981827617&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq&m=142720981827617&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq&m=142721102728110&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq&m=142895206924048&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq&m=143213830203296&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq&m=143213830203296&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq&m=143748090628601&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq&m=144043644216842&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq&m=144050205101530&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq&m=144050254401665&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq&m=144050297101809&w=2"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0800.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"}, {"source": "secalert@redhat.com", "url": "http://support.novell.com/security/cve/CVE-2015-0204.html"}, {"source": "secalert@redhat.com", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"}, {"source": "secalert@redhat.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"}, {"source": "secalert@redhat.com", "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960769"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2015/dsa-3125"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/71936"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/91787"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1033378"}, {"source": "secalert@redhat.com", "url": "https://bto.bluecoat.com/security-advisory/sa88"}, {"source": "secalert@redhat.com", "url": "https://bto.bluecoat.com/security-advisory/sa91"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99707"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://freakattack.com/"}, {"source": "secalert@redhat.com", "url": "https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0"}, {"source": "secalert@redhat.com", "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241"}, {"source": "secalert@redhat.com", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10102"}, {"source": "secalert@redhat.com", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10108"}, {"source": "secalert@redhat.com", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10110"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201503-11"}, {"source": "secalert@redhat.com", "url": "https://support.apple.com/HT204659"}, {"source": "secalert@redhat.com", "url": "https://support.citrix.com/article/CTX216642"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.openssl.org/news/secadv_20150108.txt"}, {"source": "secalert@redhat.com", "url": "https://www.openssl.org/news/secadv_20150319.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=142496179803395&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=142496289803847&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=142496289803847&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=142720981827617&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=142720981827617&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=142721102728110&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=142895206924048&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=143213830203296&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=143213830203296&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=143748090628601&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=144043644216842&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=144050205101530&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=144050254401665&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=144050297101809&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0800.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.novell.com/security/cve/CVE-2015-0204.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960769"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3125"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/71936"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/91787"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1033378"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bto.bluecoat.com/security-advisory/sa88"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bto.bluecoat.com/security-advisory/sa91"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99707"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://freakattack.com/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10102"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10108"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10110"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201503-11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/HT204659"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.citrix.com/article/CTX216642"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.openssl.org/news/secadv_20150108.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.openssl.org/news/secadv_20150319.txt"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2015:0800", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "openssl-0:0.9.8e-33.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2015-04-13T00:00:00Z"}, {"advisory": "RHSA-2015:0066", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "openssl-0:1.0.1e-30.el6_6.5", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-01-21T00:00:00Z"}, {"advisory": "RHSA-2015:0066", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "openssl-1:1.0.1e-34.el7_0.7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-01-21T00:00:00Z"}, {"advisory": "RHSA-2015:0849", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.4", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4", "release_date": "2015-04-16T00:00:00Z"}, {"advisory": "RHSA-2016:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2.1", "package": "openssl", "product_name": "Red Hat JBoss Web Server 2.1", "release_date": "2016-08-22T00:00:00Z"}, {"advisory": "RHEA-2015:0955", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.0", "product_name": "Red Hat JBoss Web Server 3.0", "release_date": "2015-05-13T00:00:00Z"}], "bugzilla": {"description": "openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK)", "id": "1180184", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1180184"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "status": "verified"}, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "(CWE-327|CWE-757)", "details": ["The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the \"FREAK\" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.", "It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method."], "name": "CVE-2015-0204", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "openssl097a", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "openssl098e", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "openssl098e", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Affected", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Will not fix", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Affected", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Web Server 3"}, {"cpe": "cpe:/a:redhat:storage:2.1", "fix_state": "Affected", "package_name": "openssl", "product_name": "Red Hat Storage 2.1"}], "public_date": "2015-01-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-0204\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0204\nhttps://securityblog.redhat.com/2015/03/04/factoring-rsa-export-keys-freak-cve-2015-0204/\nhttps://www.openssl.org/news/secadv_20150108.txt"], "statement": "This issue affects versions of openssl as shipped with Red Hat Enterprise Linux 5, 6 and 7. Errata have been released to correct this issue.\nThis issue affects the version of openssl098e as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact and does not plan to address this flaw for the openssl098e component in any future security updates.\nThis issue affects the version of openssl097a as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Moderate"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object