CVE-2015-0204

MEDIUM

Description

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679

http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

http://marc.info/?l=bugtraq&m=142496179803395&w=2

http://marc.info/?l=bugtraq&m=142496289803847&w=2

http://marc.info/?l=bugtraq&m=142720981827617&w=2

http://marc.info/?l=bugtraq&m=142721102728110&w=2

http://marc.info/?l=bugtraq&m=142895206924048&w=2

http://marc.info/?l=bugtraq&m=143213830203296&w=2

http://marc.info/?l=bugtraq&m=143748090628601&w=2

http://marc.info/?l=bugtraq&m=144043644216842&w=2

http://marc.info/?l=bugtraq&m=144050155601375&w=2

http://marc.info/?l=bugtraq&m=144050205101530&w=2

http://marc.info/?l=bugtraq&m=144050254401665&w=2

http://marc.info/?l=bugtraq&m=144050297101809&w=2

http://rhn.redhat.com/errata/RHSA-2015-0066.html

http://rhn.redhat.com/errata/RHSA-2015-0800.html

http://rhn.redhat.com/errata/RHSA-2015-0849.html

http://rhn.redhat.com/errata/RHSA-2016-1650.html

http://support.novell.com/security/cve/CVE-2015-0204.html

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl

http://www.debian.org/security/2015/dsa-3125

http://www.mandriva.com/security/advisories?name=MDVSA-2015:019

http://www.mandriva.com/security/advisories?name=MDVSA-2015:062

http://www.mandriva.com/security/advisories?name=MDVSA-2015:063

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

http://www.securityfocus.com/bid/71936

http://www.securityfocus.com/bid/91787

http://www.securitytracker.com/id/1033378

http://www-01.ibm.com/support/docview.wss?uid=swg21883640

http://www-304.ibm.com/support/docview.wss?uid=swg21960769

https://bto.bluecoat.com/security-advisory/sa88

https://bto.bluecoat.com/security-advisory/sa91

https://exchange.xforce.ibmcloud.com/vulnerabilities/99707

https://freakattack.com/

https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241

https://kc.mcafee.com/corporate/index?page=content&id=SB10102

https://kc.mcafee.com/corporate/index?page=content&id=SB10108

https://kc.mcafee.com/corporate/index?page=content&id=SB10110

https://security.gentoo.org/glsa/201503-11

https://support.apple.com/HT204659

https://support.citrix.com/article/CTX216642

https://www.openssl.org/news/secadv_20150108.txt

https://www.openssl.org/news/secadv_20150319.txt

Details

Source: MITRE

Published: 2015-01-09

Updated: 2018-07-19

Type: CWE-310

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

View all (94 total)

IDNameProductFamilySeverity
140843EulerOS 2.0 SP3 : openssl098e (EulerOS-SA-2020-2076)NessusHuawei Local Security Checks
medium
137993EulerOS Virtualization 3.0.6.0 : openssl098e (EulerOS-SA-2020-1774)NessusHuawei Local Security Checks
high
129174EulerOS 2.0 SP5 : openssl098e (EulerOS-SA-2019-1980)NessusHuawei Local Security Checks
high
124999EulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1546)NessusHuawei Local Security Checks
medium
700650Oracle Java SE 5 < Update 85 / 6 < Update 95 / 7 < Update 79 / 8 < Update 45 Multiple Vulnerabilities (April 2015 CPU) (FREAK)Nessus Network MonitorWeb Clients
critical
700510Mac OS X 10.10.x < 10.10.3 Multiple VulnerabilitiesNessus Network MonitorOperating System Detection
critical
119972SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2015:2192-1) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
119967SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2015:1161-1) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
92522Oracle Database Multiple Vulnerabilities (July 2016 CPU) (FREAK)NessusDatabases
high
90251HP System Management Homepage < 7.2.6 Multiple Vulnerabilities (FREAK)NessusWeb Servers
high
89651openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-294) (DROWN) (FREAK) (POODLE)NessusSuSE Local Security Checks
critical
87914SUSE SLES10 Security Update : java-1_6_0-ibm (SUSE-SU-2016:0113-1) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
87765IBM DB2 10.5 < Fix Pack 7 Multiple Vulnerabilities (Bar Mitzvah) (FREAK) (Logjam)NessusWindows
medium
87764IBM DB2 10.5 < Fix Pack 7 Multiple Vulnerabilities (Linux) (Bar Mitzvah) (FREAK) (Logjam)NessusDatabases
medium
87672Puppet Enterprise Multiple OpenSSL Vulnerabilities (FREAK)NessusCGI abuses
high
87404SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2015:2168-2) (FREAK)NessusSuSE Local Security Checks
critical
87327Xerox WorkCentre 77XX Multiple Vulnerabilities (XRX15R) (FREAK) (GHOST)NessusMisc.
critical
87326Xerox WorkCentre 4260 / 4265 Multiple Vulnerabilities (XRX15AV) (FREAK) (Logjam)NessusMisc.
medium
87325Xerox WorkCentre 6400 OpenSSL RSA Temporary Key Handling EXPORT_RSA Ciphers Downgrade MitM (XRX15AP) (FREAK)NessusMisc.
medium
87324Xerox WorkCentre 3025 / 3215 / 3225 OpenSSL Multiple Vulnerabilities (XRX15AM) (FREAK) (POODLE)NessusMisc.
medium
87323Xerox WorkCentre 3550 OpenSSL Multiple Vulnerabilities (XRX15AJ) (FREAK) (POODLE)NessusMisc.
medium
87322Xerox ColorQube 92XX Multiple OpenSSL Vulnerabilities (XRX15AD) (FREAK) (GHOST) (POODLE)NessusMisc.
critical
87277SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2015:2216-1) (FREAK)NessusSuSE Local Security Checks
critical
87200SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2015:2182-1) (FREAK)NessusSuSE Local Security Checks
critical
87181SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2015:2168-1) (FREAK)NessusSuSE Local Security Checks
critical
87180SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2015:2166-1) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
86426Lexmark Printer config.html Administrator Authentication Bypass (FREAK)NessusMisc.
medium
86256F5 Networks BIG-IP : OpenSSL vulnerability (SOL16139) (FREAK)NessusF5 Networks Local Security Checks
medium
85803HP Version Control Repository Manager for Linux < 7.5.0 Multiple Vulnerabilities (HPSBMU03396) (FREAK)NessusMisc.
high
85802HP Version Control Repository Manager < 7.5.0 Multiple Vulnerabilities (HPSBMU03396) (FREAK)NessusWindows
high
84923HP System Management Homepage 7.3.x / 7.4.x < 7.5.0 Multiple Vulnerabilities (FREAK)NessusWeb Servers
high
84441SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2015:1086-4) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
84425SUSE SLES10 Security Update : IBM Java (SUSE-SU-2015:1138-1) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
84423SUSE SLES11 Security Update : Java (SUSE-SU-2015:1086-3) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
84337SUSE SLES11 Security Update : IBM Java (SUSE-SU-2015:1086-2) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
84286SUSE SLES11 Security Update : IBM Java (SUSE-SU-2015:1086-1) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
84285SUSE SLES10 Security Update : IBM Java (SUSE-SU-2015:1085-1) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
84087AIX Java Advisory : java_april2015_advisory.asc (Bar Mitzvah) (FREAK)NessusAIX Local Security Checks
critical
84058MS KB3062760: Update for Vulnerability in Juniper Networks Windows In-Box Junos Pulse Client (FREAK)NessusWindows
medium
83992Splunk Enterprise 5.0.x < 5.0.13 / 6.0.x < 6.0.9 / 6.1.x < 6.1.8 OpenSSL Vulnerabilities (FREAK)NessusCGI abuses
high
83860SUSE SLED11 / SLES11 Security Update : MySQL (SUSE-SU-2015:0946-1) (FREAK)NessusSuSE Local Security Checks
medium
83528Cisco NX-OS OpenSSL Multiple Vulnerabilities (cisco-sa-20150310-ssl) (FREAK)NessusCISCO
medium
83527Apache Tomcat 8.0.x < 8.0.21 Multiple Vulnerabilities (FREAK)NessusWeb Servers
medium
83526Apache Tomcat 7.0.x < 7.0.60 Multiple Vulnerabilities (FREAK)NessusWeb Servers
medium
83490Apache Tomcat 6.0.x < 6.0.44 Multiple Vulnerabilities (FREAK)NessusWeb Servers
high
82913Juniper NSM < 2012.2R11 Multiple OpenSSL Vulnerabilities (JSA10679) (FREAK)NessusMisc.
medium
82912Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10679) (FREAK)NessusJunos Local Security Checks
medium
82830Oracle JRockit R28.3.5 Multiple Vulnerabilities (April 2015 CPU) (FREAK)NessusWindows
medium
82821Oracle Java SE Multiple Vulnerabilities (April 2015 CPU) (Unix) (FREAK)NessusMisc.
critical
82820Oracle Java SE Multiple Vulnerabilities (April 2015 CPU) (FREAK)NessusWindows
critical
82783CentOS 5 : openssl (CESA-2015:0800) (FREAK)NessusCentOS Local Security Checks
high
82760Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (20150413) (FREAK)NessusScientific Linux Local Security Checks
high
82758RHEL 5 : openssl (RHSA-2015:0800) (FREAK)NessusRed Hat Local Security Checks
high
82757Oracle Linux 5 : openssl (ELSA-2015-0800) (FREAK)NessusOracle Linux Local Security Checks
high
82700Mac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK)NessusMacOS X Local Security Checks
critical
82699Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK)NessusMacOS X Local Security Checks
critical
8684Google Chrome < 41.0.2272.76 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
82663Blue Coat ProxySG 6.5.x / 6.2.x / 5.5 OpenSSL Vulnerability (FREAK)NessusFirewalls
medium
82316Mandriva Linux Security Advisory : openssl (MDVSA-2015:063)NessusMandriva Local Security Checks
medium
82315Mandriva Linux Security Advisory : openssl (MDVSA-2015:062)NessusMandriva Local Security Checks
high
82296BlackBerry <= 7.1 and 10.x < 10.3.1.1779 SSL/TLS EXPORT_RSA Ciphers Downgrade MitM (KB36811) (FREAK)NessusMobile Devices
medium
82295BlackBerry Enterprise Server SSL/TLS EXPORT_RSA Ciphers Downgrade MitM (KB36811) (FREAK)NessusWindows
medium
82271Mac OS X : Cisco AnyConnect Secure Mobility Client < 3.1(7021) <= 4.0(48) Multiple Vulnerabilities (FREAK)NessusMacOS X Local Security Checks
medium
82270Cisco AnyConnect Secure Mobility Client < 3.1(7021) / <= 4.0(48) Multiple Vulnerabilities (FREAK)NessusWindows
medium
82115Debian DLA-132-1 : openssl security update (FREAK)NessusDebian Local Security Checks
medium
82010GLSA-201503-11 : OpenSSL: Multiple vulnerabilities (FREAK)NessusGentoo Local Security Checks
high
81962FreeBSD : OpenSSL -- multiple vulnerabilities (9d15355b-ce7c-11e4-9db0-d050992ecde8) (FREAK)NessusFreeBSD Local Security Checks
high
801936OpenSSL < 0.9.8zd / 1.0.0p / 1.0.1k Key Decryption VulnerabilityLog Correlation EngineWeb Servers
medium
81903OracleVM 2.2 : openssl (OVMSA-2015-0030) (FREAK)NessusOracleVM Local Security Checks
medium
81882Opera < 28.0.1750.40 SSL/TLS EXPORT_RSA Ciphers Downgrade MitM (Mac OS X) (FREAK)NessusMacOS X Local Security Checks
medium
81815McAfee Firewall Enterprise OpenSSL Multiple Vulnerabilities (SB10102) (FREAK)NessusFirewalls
medium
81812Splunk Enterprise 6.2.x < 6.2.2 Multiple Vulnerabilities (FREAK)NessusCGI abuses
medium
81726OracleVM 3.2 : openssl (OVMSA-2015-0029) (FREAK)NessusOracleVM Local Security Checks
medium
81648Google Chrome < 41.0.2272.76 Multiple Vulnerabilities (Mac OS X) (FREAK)NessusMacOS X Local Security Checks
high
81606SSL/TLS EXPORT_RSA <= 512-bit Cipher Suites Supported (FREAK)NessusMisc.
medium
81406AIX OpenSSL Advisory : openssl_advisory12.asc (FREAK)NessusAIX Local Security Checks
medium
81124SuSE 11.3 Security Update : OpenSSL (SAT Patch Number 10150)NessusSuSE Local Security Checks
medium
81120SuSE 11.3 Security Update : compat-openssl097g (SAT Patch Number 10208)NessusSuSE Local Security Checks
medium
80991openSUSE Security Update : openssl (openSUSE-SU-2015:0130-1) (FREAK)NessusSuSE Local Security Checks
medium
80929OracleVM 3.3 : openssl (OVMSA-2015-0005) (FREAK)NessusOracleVM Local Security Checks
medium
80905Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20150121) (FREAK)NessusScientific Linux Local Security Checks
medium
80879RHEL 6 / 7 : openssl (RHSA-2015:0066) (FREAK)NessusRed Hat Local Security Checks
medium
80877Oracle Linux 6 / 7 : openssl (ELSA-2015-0066) (FREAK)NessusOracle Linux Local Security Checks
medium
80867CentOS 6 / 7 : openssl (CESA-2015:0066)NessusCentOS Local Security Checks
medium
80568OpenSSL 1.0.1 < 1.0.1k Multiple Vulnerabilities (FREAK)NessusWeb Servers
medium
80567OpenSSL 1.0.0 < 1.0.0p Multiple Vulnerabilities (FREAK)NessusWeb Servers
medium
80566OpenSSL 0.9.8 < 0.9.8zd Multiple Vulnerabilities (FREAK)NessusWeb Servers
medium
80471Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : openssl vulnerabilities (USN-2459-1) (FREAK)NessusUbuntu Local Security Checks
medium
80461Amazon Linux AMI : openssl (ALAS-2015-469) (FREAK)NessusAmazon Linux Local Security Checks
medium
80456Mandriva Linux Security Advisory : openssl (MDVSA-2015:019)NessusMandriva Local Security Checks
medium
80446Debian DSA-3125-1 : openssl - security update (FREAK)NessusDebian Local Security Checks
medium
80443Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2015-009-01) (FREAK)NessusSlackware Local Security Checks
medium
8617OpenSSL < 1.0.1k / < 1.0.0p / < 0.9.8zd Multiple VulnerabilitiesNessus Network MonitorWeb Servers
medium
80424FreeBSD : OpenSSL -- multiple vulnerabilities (4e536c14-9791-11e4-977d-d050992ecde8) (FREAK)NessusFreeBSD Local Security Checks
medium