CVE-2015-0204

Published: 09/01/2015 Updated: 19/07/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 388
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL prior to 0.9.8zd, 1.0.0 prior to 1.0.0p, and 1.0.1 prior to 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.

Vulnerable Product

openssl openssl

openssl openssl 1.0.0a

openssl openssl 1.0.0b

openssl openssl 1.0.0c

openssl openssl 1.0.0d

openssl openssl 1.0.0e

openssl openssl 1.0.0f

openssl openssl 1.0.0g

openssl openssl 1.0.0h

openssl openssl 1.0.0i

openssl openssl 1.0.0j

openssl openssl 1.0.0k

openssl openssl 1.0.0l

openssl openssl 1.0.0m

openssl openssl 1.0.0n

openssl openssl 1.0.0o

openssl openssl 1.0.1a

openssl openssl 1.0.1b

openssl openssl 1.0.1c

openssl openssl 1.0.1d

openssl openssl 1.0.1e

openssl openssl 1.0.1f

openssl openssl 1.0.1g

openssl openssl 1.0.1h

openssl openssl 1.0.1i

openssl openssl 1.0.1j

Vendor Advisories

Synopsis: Moderate: openssl security update. Type/Severity: Security Advisory: Moderate. Topic: Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability S ...
A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of an RSA temporary key. An attacker with a privileged network position could exploit the vulnerability by returning a weak temporary RSA key to a system using an application that uses the vulner ...
It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method ...
Several security issues were fixed in OpenSSL ...
The FREAK attack allows an attacker to substantially degrade the strength of the encryption used in SSL/TLS connections using CVE-2015-0204 previously reported as part of SA88. Blue Coat products using affected versions of OpenSSL or that enable export grade ciphers are vulnerable. A remote attacker may use this attack to view and/or alter informat ...
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2014-3569: Frank Schmirler reported that the ssl23_get_client_hello function in OpenSSL does not properly handle attempts to use unsupported protocols. When OpenS ...
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_p ...
Table of Contents • Description • Affected Products and Components • Mitigation and Upgrades • Vulnerability Descriptions and Ratings • Multiple vulnerabilities in OpenSSL prior to 1.0.1k and 0.9.8zd (SPL-95206, SPL-95205, SPL-95204, CVE-2014-3572, CVE-2015-0204) • Path Traversal Vulnerability in Search Inspector (SPL-97914, SPL-91660) ...
Blue Coat products using affected versions of OpenSSL 1.0.1, 1.0.0, and 0.9.8 are vulnerable to one or more vulnerabilities. A remote attacker may exploit these vulnerabilities to cause a downgrade of the security of the session, a loss of forward secrecy, a crash, or a denial of service due to memory consumption ...
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. For information about the Apple Product Security PGP Key, see How to use ...
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service condition or perform a man-in-the-middle attack. On January 8, 2015, the OpenSSL Project released a security advisory detailing eight distinct vulnerabilities ...
Nessus is potentially impacted by seven vulnerabilities in OpenSSL that were recently disclosed and fixed. OpenSSL contains an invalid read flaw in the ASN1_TYPE_cmp() function in crypto/asn1/a_type.c that is triggered when an attempt is made to compare ASN1 boolean types. This may allow a context-dependent attacker to crash an application linked ...
Table of Contents • Description • Affected Products and Components • Mitigation and Upgrades • Vulnerability Descriptions and Ratings • Multiple vulnerabilities in OpenSSL prior to 1.0.1k (SPL-95203, CVE-2014-3572, CVE-2015-0204) • Splunk Web crashes due to specific HTTP requests (SPL-93754) Description Splunk Enterprise version 622 ...
Oracle Solaris Third Party Bulletin - April 2015. Description: The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when ...
Oracle Critical Patch Update Advisory - April 2015. Description: A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch ...

Github Repositories

This script checks if your list of servers is accepting Export cipher suites and could be vulnerable to CVE-2015-0204

FreakVulnChecker. This script checks if your list of servers is accepting Export cipher suites and could be vulnerable to CVE-2015-0204. Usage: ./freakvulncheck.sh <ip[:port] | file_with ip[:port] list>. The program accepts single ip:port or domain syntax or a list of ips or domains. It will output if the Exports cipher (available in the openssl binary of your

Multithreaded FREAK scanner, used to detect SSL EXP Ciphers, vulnerable to CVE-2015-0204

Freak-Scanner. Multithreaded Python FREAK scanner, used to detect SSL EXP Ciphers, vulnerable to CVE-2015-0204. It's pretty quick, should be able to scan just shy of 1k hosts in an hour. The output is messy though, you'll have to grep on Vulnerable/NotVulnerable. I'll try to clean this up later if there's any demand for it.

Basic BASH Script to Automate OpenSSL based testing for FREAK Attack (CVE-2015-0204) as advised by Akamai.

FREAK Attack CVE 20150204 Testing Script. Basic BASH Script to Automate OpenSSL based testing for FREAK Attack (CVE-2015-0204) as advised by Akamai. It is a Free Software and does not need other's server to run. Your server must score A+ to SSL Labs test under normal situation, should listed as HSTS Preload Listed website for better security. Except renowned web service pro

My(A) curated list of goodies.

All sorts of stuff My(A) curated list of goodies The stuff you are actually looking for: Table of contents Bookmarks Books Browsers CAPTCHA Chat Color CMS CSS Digests Donations Email Fonts GIT Icons JavaScript Lessons Localization PHP Regular expressions RESTful API Russian spelling QR Codes Security SEO Social Testing Text editors Textures, patterns, backgrounds Utils Vi

non-controlflow-hijacking-datasets. Introduction: The aim of this readme file is introducing a dataset for utilizing low-level hardware information to detect Non-Control-Flow hijacking attacks. Multiple traditional techniques have been proposed to defend computing systems against malware attacks that hijack the control-flow of the victim program (control-oriented attacks). Howeve

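SCZ document transcriptions. The originals come from scz617cn. The author, SCZ, is a role model for my studies; I greatly admire his in-depth investigation of all kinds of technical problems. The knowledge he shares has also helped me a great deal in my day-to-day work. I am transcribing scz's technical documents here in case they are needed later. Misc: 2016-07-28 11:39 A brief review of the 52pojie cracking approach for JEB 206; 2016-07-01 16:37 Fun math problems related to DSA (1)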

Vulnerability Checks: heartbleed.sh - CVE-2014-0160, poodle.sh - CVE-2014-3566, freak.sh - CVE-2015-0204

tls protocol source

TLS protocol TLS protocol in wiki TLS10 RFC2246 TLS11 RFC4346 TLS12 RFC5246 TLS13 RFC8446 RFC6125 Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X509 (PKIX) Certificates in the Context of Transport Layer Security (TLS) Cryptograph Number Theory Greatest Common Divisor(gcd) Definition: A com

JPN_RIC13351-2 VxWorks 61 Support for CVE-2015-0205, CVE-2014-3572, CVE-2015-0204, CVE-2014-8275, CVE-2014-8275 Feb-Apr 2015 See docs/JPN_RIC13351-2_HowTo_Install_Build_Test_v07docx for detailed instructions

Automatic scanning for SSL vulnerabilities: HeartBleed, CCS Injection, SSLv3 POODLE, FREAK

Auto Scanning to SSL Vulnerability

1 A2SV? Auto Scanning to SSL Vulnerability HeartBleed, CCS Injection, SSLv3 POODLE, FREAK etc A Support Vulnerability [CVE-2007-1858] Anonymous Cipher [CVE-2012-4929] CRIME(SPDY) [CVE-2014-0160] CCS Injection [CVE-2014-0224] HeartBleed [CVE-2014-3566] SSLv3 POODLE [CVE-2015-0204] FREAK Attack [CVE-2015-4000] LOGJAM Attack [CVE-2016-0800] SSLv2 DROWN B Dev Plan [PLAN

Shell script for testing the SSL/TLS Protocols

HTTPSScan. Shell script for testing the SSL/TLS Protocols. Check for SSL/TLS Vulnerabilities: SSLv2 (CVE-2011-1473) (CVE-2016-0800), TLS CRIME (CVE-2012-4929), RC4 (CVE-2013-2566), Heartbleed (CVE-2014-0160), Poodle (CVE-2014-3566), FREAK (CVE-2015-0204), Logjam (CVE-2015-4000), Weak Ciphers. Cygwin dependencies: ncurses. Usage: bash httpsscan.sh [target] [port] [option] Options: all,

Recent Articles

Awoogah: Get ready to patch 'severe' bug in OpenSSL this Thursday
The Register • Chris Williams, Editor in Chief • 06 Jul 2015

Heads up for July 9 security vulnerability fix

Sysadmins and anyone else with systems running OpenSSL code: a new version of the open-source crypto library will be released this week to "fix a single security defect classified as 'high' severity."
The bug, we're told, will be addressed in versions 1.0.2d and 1.0.1p of the software. The vulnerability does not affect the 1.0.0 or 0.9.8 series. OpenSSL is a widely used library that provides encrypted HTTPS connections for countless websites, as well as other secure services.
"The Op...

Cisco FREAKs out, starts epic OpenSSL bug-splat
The Register • Richard Chirgwin • 13 Mar 2015

Happy weekend, network admins

Cisco admins will be watching and waiting for fixes, with the company announcing that many of its OpenSSL implementations are carrying a bunch of post-POODLE fleas.
The Borg has been looking over its kit and software since the OpenSSL project disclosed a bunch of vulns in January, and on March 10 detailed the impacts it's discovered so far.
The list includes the notorious “FREAK” bug – CVE-2015-0204 – and Cisco's advisory contains an exhaustive list of products vulnerable, no...

FREAK show: Apple and Android SSL WIDE OPEN to snoopers
The Register • Iain Thomson in San Francisco • 03 Mar 2015

OpenSSL, iOS and OS X tricked into using weak 1990s-grade encryption keys

Security researchers are warning of a flaw in OpenSSL and Apple's SecureTransport – a hangover from the days when the US government was twitchy about the spread of cryptography.
It's a flaw that allows an attacker to decrypt your login cookies, and other sensitive information, from your HTTPS connections if you use a vulnerable browser such as Safari.
Apple's SecureTransport is a library used by applications on iOS and OS X, including Safari for iPhones, iPads and Macs. OpenSSL is ...

Post-POODLE, OpenSSL shakes off some fleas
The Register • Darren Pauli • 09 Jan 2015

New fixes repair DOS, authentication flaws

OpenSSL has squashed eight low severity vulnerabilities bugs that could result in denial of service or the removal of forward secrecy.
The holes, two graded "moderate", were addressed in OpenSSL updates 1.0.0p, 0.98zd, and 1.0.1k.
Maintainers wrote in an advisory that Cisco warned last October that a crafted Datagram Transport Layer Security (DTLS) message could trigger a segmentation fault due (CVE-2014-3571) to a NULL pointer dereference.
Another bug (CVE-2015-0206) spotted b...

References

CWE-310