Security News > 2015 > June > New OpenSSL versions squash LogJam bug (Help Net Security)

New OpenSSL versions squash LogJam bug (Help Net Security)

2015-06-12 08:37

The OpenSSL Project has pushed another update for the eponymous open-source cryptographic library. This one plugs several moderate bugs, one low one, and LogJam (CVE-2015-4000), which can be exploited...

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/RiOH5toRMXA/secworld.php

#openssl #security #CVE-2015-4000

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2015-05-21	CVE-2015-4000	Cryptographic Issues vulnerability in multiple products The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. network high complexity openssl canonical hp ibm oracle debian suse apple mozilla opera microsoft google CWE-310	3.7

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Openssl		2	12	98	53	17	180

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.