Vulnerability — CVE-2015-4000

CVE-2015-4000

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2015-4000
Description:: The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
Last updated date:: 10/22/2024

Type:: exploit
Confidence:: HIGH
Date of publishing:: 04/24/2021
Reference url to background: https://github.com/fatlan/HAProxy-Keepalived-Sec-HighLoads

Type:: exploit
Confidence:: HIGH
Date of publishing:: 11/05/2022
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/ssl/ssl_version.rb