The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
balasys dheater - |
||
siemens scalance_w1750d_firmware |
||
suse linux enterprise server 15 |
||
suse linux enterprise server 11 |
||
suse linux enterprise server 12 |
||
f5 big-iq centralized management 7.1.0 |
||
f5 traffix signaling delivery controller 5.2.0 |
||
f5 traffix signaling delivery controller 5.1.0 |
||
f5 big-iq centralized management |
||
f5 big-ip service proxy 1.6.0 |
||
f5 big-ip access policy manager |
||
f5 big-ip advanced firewall manager |
||
f5 big-ip advanced web application firewall |
||
f5 big-ip analytics |
||
f5 big-ip application acceleration manager |
||
f5 big-ip application security manager |
||
f5 big-ip application visibility and reporting |
||
f5 big-ip carrier-grade nat |
||
f5 big-ip ddos hybrid defender |
||
f5 big-ip domain name system |
||
f5 big-ip edge gateway |
||
f5 big-ip fraud protection service |
||
f5 big-ip global traffic manager |
||
f5 big-ip link controller |
||
f5 big-ip local traffic manager |
||
f5 big-ip policy enforcement manager |
||
f5 big-ip ssl orchestrator |
||
f5 big-ip webaccelerator |
||
f5 big-ip websafe |
||
f5 f5os-c 1.5.1 |
||
f5 f5os-c 1.5.0 |
||
f5 f5os-c |
||
f5 f5os-a 1.3.1 |
||
f5 f5os-a 1.3.0 |
||
hpe arubaos-cx |
||
stormshield stormshield network security |
||
stormshield stormshield management center |