CVE-2015-0204

Published: Jan 9, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

SUSE-SU-2015:2182

vendor-advisory

x_refsource_SUSE

https://kc.mcafee.com/corporate/index?page=content&id=SB10110

x_refsource_CONFIRM

HPSBOV03318

vendor-advisory

x_refsource_HP

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

x_refsource_CONFIRM

openSUSE-SU-2015:0130

vendor-advisory

x_refsource_SUSE

20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products

vendor-advisory

x_refsource_CISCO

HPSBGN03299

vendor-advisory

x_refsource_HP

71936

vdb-entry

x_refsource_BID

SUSE-SU-2015:2192

vendor-advisory

x_refsource_SUSE

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

x_refsource_CONFIRM

HPSBMU03409

vendor-advisory

x_refsource_HP

https://support.apple.com/HT204659

x_refsource_CONFIRM

https://www.openssl.org/news/secadv_20150319.txt

x_refsource_CONFIRM

http://www-304.ibm.com/support/docview.wss?uid=swg21960769

x_refsource_CONFIRM

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

x_refsource_CONFIRM

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

x_refsource_CONFIRM

HPSBMU03380

vendor-advisory

x_refsource_HP

HPSBMU03345

vendor-advisory

x_refsource_HP

RHSA-2015:0849

vendor-advisory

x_refsource_REDHAT

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

x_refsource_CONFIRM

1033378

vdb-entry

x_refsource_SECTRACK

HPSBHF03289

vendor-advisory

x_refsource_HP

openSUSE-SU-2016:0640

vendor-advisory

x_refsource_SUSE

https://www.openssl.org/news/secadv_20150108.txt

x_refsource_CONFIRM

MDVSA-2015:019

vendor-advisory

x_refsource_MANDRIVA

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

x_refsource_CONFIRM

SUSE-SU-2015:2166

vendor-advisory

x_refsource_SUSE

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679

x_refsource_CONFIRM

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

x_refsource_CONFIRM

openssl-cve20150204-weak-security(99707)

vdb-entry

x_refsource_XF

RHSA-2015:0066

vendor-advisory

x_refsource_REDHAT

http://support.novell.com/security/cve/CVE-2015-0204.html

x_refsource_CONFIRM

HPSBUX03334

vendor-advisory

x_refsource_HP

https://freakattack.com/

x_refsource_MISC

MDVSA-2015:063

vendor-advisory

x_refsource_MANDRIVA

http://www-01.ibm.com/support/docview.wss?uid=swg21883640

x_refsource_CONFIRM

HPSBUX03244

vendor-advisory

x_refsource_HP

APPLE-SA-2015-04-08-2

vendor-advisory

x_refsource_APPLE

SUSE-SU-2015:1138

vendor-advisory

x_refsource_SUSE

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

x_refsource_CONFIRM

https://kc.mcafee.com/corporate/index?page=content&id=SB10108

x_refsource_CONFIRM

SUSE-SU-2015:0578

vendor-advisory

x_refsource_SUSE

SUSE-SU-2015:2216

vendor-advisory

x_refsource_SUSE

https://kc.mcafee.com/corporate/index?page=content&id=SB10102

x_refsource_CONFIRM

https://bto.bluecoat.com/security-advisory/sa91

x_refsource_CONFIRM

https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0

x_refsource_CONFIRM

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241

x_refsource_CONFIRM

SUSE-SU-2015:1086

vendor-advisory

x_refsource_SUSE

SUSE-SU-2015:0946

vendor-advisory

x_refsource_SUSE

HPSBMU03397

vendor-advisory

x_refsource_HP

91787

vdb-entry

x_refsource_BID

RHSA-2016:1650

vendor-advisory

x_refsource_REDHAT

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

x_refsource_CONFIRM

RHSA-2015:0800

vendor-advisory

x_refsource_REDHAT

SSRT102000

vendor-advisory

x_refsource_HP

HPSBMU03396

vendor-advisory

x_refsource_HP

HPSBUX03162

vendor-advisory

x_refsource_HP

SSRT101987

vendor-advisory

x_refsource_HP

MDVSA-2015:062

vendor-advisory

x_refsource_MANDRIVA

SUSE-SU-2015:2168

vendor-advisory

x_refsource_SUSE

SUSE-SU-2015:1085

vendor-advisory

x_refsource_SUSE

https://support.citrix.com/article/CTX216642

x_refsource_CONFIRM

HPSBMU03413

vendor-advisory

x_refsource_HP

SUSE-SU-2015:1161

vendor-advisory

x_refsource_SUSE

SSRT101885

vendor-advisory

x_refsource_HP

https://bto.bluecoat.com/security-advisory/sa88

x_refsource_CONFIRM

GLSA-201503-11

vendor-advisory

x_refsource_GENTOO

DSA-3125

vendor-advisory

x_refsource_DEBIAN

SUSE-SU-2016:0113

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2015-0204

Description

Affected Products

References