Security News > 2015 > June > New OpenSSL versions squash LogJam bug (Help Net Security)

New OpenSSL versions squash LogJam bug (Help Net Security)
2015-06-12 08:37

The OpenSSL Project has pushed another update for the eponymous open-source cryptographic library. This one plugs several moderate bugs, one low one, and LogJam (CVE-2015-4000), which can be exploited...


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/RiOH5toRMXA/secworld.php

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2015-05-21 CVE-2015-4000 Cryptographic Issues vulnerability in multiple products
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
3.7

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Openssl 1 7 48 51 13 119