cve/2015/CVE-2015-4000.md

### [CVE-2015-4000](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

### POC

#### Reference
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- http://www.securityfocus.com/bid/91787
- https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://weakdh.org/
- https://weakdh.org/imperfect-forward-secrecy.pdf
- https://www.oracle.com/security-alerts/cpujan2021.html

#### Github
- https://github.com/84KaliPleXon3/a2sv
- https://github.com/8ctorres/SIND-Practicas
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Artem-Salnikov/devops-netology
- https://github.com/Artem-Tvr/sysadmin-09-security
- https://github.com/DButter/whitehat_public
- https://github.com/F4RM0X/script_a2sv
- https://github.com/H4CK3RT3CH/a2sv
- https://github.com/Justic-D/Dev_net_home_1
- https://github.com/Kapotov/3.9.1
- https://github.com/Live-Hack-CVE/CVE-2015-4000
- https://github.com/MrE-Fog/a2sv
- https://github.com/Mre11i0t/a2sv
- https://github.com/NikolayAntipov/DB_13-01
- https://github.com/TheRipperJhon/a2sv
- https://github.com/Vainoord/devops-netology
- https://github.com/Valdem88/dev-17_ib-yakovlev_vs
- https://github.com/Vladislav-Pugachev/netology-DevOps-dz_-14
- https://github.com/Wanderwille/13.01
- https://github.com/WiktorMysz/devops-netology
- https://github.com/alexandrburyakov/Rep2
- https://github.com/alexgro1982/devops-netology
- https://github.com/alexoslabs/HTTPSScan
- https://github.com/anthophilee/A2SV--SSL-VUL-Scan
- https://github.com/bysart/devops-netology
- https://github.com/clic-kbait/A2SV--SSL-VUL-Scan
- https://github.com/clino-mania/A2SV--SSL-VUL-Scan
- https://github.com/dmitrii1312/03-sysadmin-09
- https://github.com/eSentire/nmap-esentire
- https://github.com/fatlan/HAProxy-Keepalived-Sec-HighLoads
- https://github.com/fireorb/SSL-Scanner
- https://github.com/fireorb/sslscanner
- https://github.com/geon071/netolofy_12
- https://github.com/giusepperuggiero96/Network-Security-2021
- https://github.com/hahwul/a2sv
- https://github.com/ilya-starchikov/devops-netology
- https://github.com/javirodriguezzz/Shodan-Browser
- https://github.com/mawinkler/c1-ws-ansible
- https://github.com/nikolay480/devops-netology
- https://github.com/pashicop/3.9_1
- https://github.com/stanmay77/security
- https://github.com/thekondrashov/stuff
- https://github.com/vitaliivakhr/NETOLOGY
- https://github.com/yellownine/netology-DevOps
- https://github.com/yurkao/python-ssl-deprecated
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2015-4000](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.`

			`### POC`

			`#### Reference`
			`- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html`
			`- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html`
			`- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html`
			`- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html`
			`- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html`
			`- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html`
			`- http://www.securityfocus.com/bid/91787`
			`- https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/`
			`- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246`
			`- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes`
			`- https://weakdh.org/`
			`- https://weakdh.org/imperfect-forward-secrecy.pdf`
			`- https://www.oracle.com/security-alerts/cpujan2021.html`

			`#### Github`
			`- https://github.com/84KaliPleXon3/a2sv`
			`- https://github.com/8ctorres/SIND-Practicas`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/Artem-Salnikov/devops-netology`
			`- https://github.com/Artem-Tvr/sysadmin-09-security`
			`- https://github.com/DButter/whitehat_public`
			`- https://github.com/F4RM0X/script_a2sv`
			`- https://github.com/H4CK3RT3CH/a2sv`
			`- https://github.com/Justic-D/Dev_net_home_1`
			`- https://github.com/Kapotov/3.9.1`
			`- https://github.com/Live-Hack-CVE/CVE-2015-4000`
			`- https://github.com/MrE-Fog/a2sv`
			`- https://github.com/Mre11i0t/a2sv`
			`- https://github.com/NikolayAntipov/DB_13-01`
			`- https://github.com/TheRipperJhon/a2sv`
			`- https://github.com/Vainoord/devops-netology`
			`- https://github.com/Valdem88/dev-17_ib-yakovlev_vs`
			`- https://github.com/Vladislav-Pugachev/netology-DevOps-dz_-14`
			`- https://github.com/Wanderwille/13.01`
			`- https://github.com/WiktorMysz/devops-netology`
			`- https://github.com/alexandrburyakov/Rep2`
			`- https://github.com/alexgro1982/devops-netology`
			`- https://github.com/alexoslabs/HTTPSScan`
			`- https://github.com/anthophilee/A2SV--SSL-VUL-Scan`
			`- https://github.com/bysart/devops-netology`
			`- https://github.com/clic-kbait/A2SV--SSL-VUL-Scan`
			`- https://github.com/clino-mania/A2SV--SSL-VUL-Scan`
			`- https://github.com/dmitrii1312/03-sysadmin-09`
			`- https://github.com/eSentire/nmap-esentire`
			`- https://github.com/fatlan/HAProxy-Keepalived-Sec-HighLoads`
			`- https://github.com/fireorb/SSL-Scanner`
			`- https://github.com/fireorb/sslscanner`
			`- https://github.com/geon071/netolofy_12`
			`- https://github.com/giusepperuggiero96/Network-Security-2021`
			`- https://github.com/hahwul/a2sv`
			`- https://github.com/ilya-starchikov/devops-netology`
			`- https://github.com/javirodriguezzz/Shodan-Browser`
			`- https://github.com/mawinkler/c1-ws-ansible`
			`- https://github.com/nikolay480/devops-netology`
			`- https://github.com/pashicop/3.9_1`
			`- https://github.com/stanmay77/security`
			`- https://github.com/thekondrashov/stuff`
			`- https://github.com/vitaliivakhr/NETOLOGY`
			`- https://github.com/yellownine/netology-DevOps`
			`- https://github.com/yurkao/python-ssl-deprecated`