Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2015-0204

Published: 09/01/2015 Updated: 19/07/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 386
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Openssl

Vulnerability Summary

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL prior to 0.9.8zd, 1.0.0 prior to 1.0.0p, and 1.0.1 prior to 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

openssl openssl 1.0.0a

openssl openssl 1.0.0b

openssl openssl 1.0.0i

openssl openssl 1.0.0j

openssl openssl 1.0.1i

openssl openssl 1.0.1h

openssl openssl 1.0.0e

openssl openssl 1.0.0f

openssl openssl 1.0.0m

openssl openssl 1.0.0n

openssl openssl 1.0.1e

openssl openssl 1.0.1d

openssl openssl 1.0.1c

openssl openssl 1.0.0c

openssl openssl 1.0.0d

openssl openssl 1.0.0k

openssl openssl 1.0.0l

openssl openssl 1.0.1g

openssl openssl 1.0.1f

openssl openssl

openssl openssl 1.0.0g

openssl openssl 1.0.0h

openssl openssl 1.0.0o

openssl openssl 1.0.1j

openssl openssl 1.0.1b

openssl openssl 1.0.1a

Vendor Advisories

Red Hat: Moderate: openssl security update
Synopsis Moderate: openssl security update Type/Severity Security Advisory: Moderate Topic Updated openssl packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 6 and 7Red Hat Product Security has rated this update as having Moderate securityimpact Common Vulnerability S ...
Ubuntu Security Notice: openssl vulnerabilities
Several security issues were fixed in OpenSSL ...
Debian Security Advisories: DSA-3125-1 openssl -- security update
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2014-3569 Frank Schmirler reported that the ssl23_get_client_hello function in OpenSSL does not properly handle attempts to use unsupported protocols When OpenS ...
Amazon Linux AMI: ALAS-2015-469
OpenSSL before 098zd, 100 before 100p, and 101 before 101k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_p ...
Red Hat: CVE-2015-0204
It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method ...
Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service condition or perform a man-in-the-middle attack On January 8, 2015, the OpenSSL Project released a security advisory detailing eight distinct vulnerabilities ...
Cisco: OpenSSL RSA Temporary Key Cryptographic Downgrade Vulnerability
A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to bypass security restrictions The vulnerability is due to improper handling of an RSA temporary key An attacker with a privileged network position could exploit the vulnerability by returning a weak temporary RSA key to a system using an application that uses the vulner ...
Tenable Security Advisories: [R6] OpenSSL '20150319' Advisory Affects Tenable Products
Nessus is potentially impacted by seven vulnerabilities in OpenSSL that were recently disclosed and fixed OpenSSL contains an invalid read flaw in the ASN1_TYPE_cmp() function in crypto/asn1/a_typec that is triggered when an attempt is made to compare ASN1 boolean types This may allow a context-dependent attacker to crash an application linked ...
Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware
Description of Problem A number of security vulnerabilities have been identified in firmware used in the Lights Out Management (LOM) component across all NetScaler-based hardware appliances: Citrix NetScaler Application Delivery Controller (ADC) Citrix NetScaler Gateway Citrix NetScaler Service Delivery Appliance Citrix CloudBridge (now NetScaler S ...
Huawei Security Advisories: Huawei PSIRT: Technical Analysis Report Regarding Finite State Supply Chain Assessment
Corporate Worldwide Log in ...

Github Repositories

https://github.com/TopCaver/scz_doc_copy

SCZ文档抄录 原文来自 scz617cn 作者SCZ是我学习的榜样,对于各种技术问题的深入钻研,令我十分钦佩。分享的知识点,也在实际工作中对我有很大的帮助。 将scz的技术文档抄录于此,以备不时之需。 Misc 2016-07-28 11:39 JEB 206 52pojie破解方案简评 2016-07-01 16:37 DSA相关的趣味数学题(1)

https://github.com/thekondrashov/stuff

📝 My(A) curated list of goodies.

All sorts of stuff My(A) curated list of goodies The stuff you are actually looking for: Table of contents Bookmarks Books Browsers CAPTCHA Chat Color CMS CSS Digests Donations Email Fonts GIT Icons JavaScript Lessons Localization PHP Regular expressions RESTful API Russian spelling QR Codes Security SEO Social Testing Text editors Textures, patterns, backgrounds Utils Vi

https://github.com/camel-clarkson/non-controlflow-hijacking-datasets

non-controlflow-hijacking-datasets Introduction The aim of this readme file is introducing a dataset for utilizing low-level hardware information to detect Non-Control-Flow hijacking attacks Multiple traditional techniques have been proposed to defend computing systems against malware attacks that hijack the control-flow of the victim program (control-oriented attacks) Howeve

https://github.com/felmoltor/FreakVulnChecker

This script check if your list of server is accepting Export cipher suites and could be vulnerable to CVE-2015-0204

FreakVulnChecker This script check if your list of server is accepting Export cipher suites and could be vulnerable to CVE-2015-0204 Usage Usage: /freakvulnchecksh <ip[:port] | file_with ip[:port] list > The program accept single ip:port or domain syntax or a list of ips or domains It will output if the Exports cipher (

https://github.com/neominds/JPN_RIC13351-2

JPN_RIC13351-2 VxWorks 61 Support for CVE-2015-0205, CVE-2014-3572, CVE-2015-0204, CVE-2014-8275, CVE-2014-8275 Feb-Apr 2015 See docs/JPN_RIC13351-2_HowTo_Install_Build_Test_v07docx for detailed instructions

https://github.com/AbhishekGhosh/FREAK-Attack-CVE-2015-0204-Testing-Script

Basic BASH Script to Automate OpenSSL based testing for FREAK Attack (CVE-2015-0204) as advised by Akamai.

FREAK Attack CVE 20150204 Testing Script Basic BASH Script to Automate OpenSSL based testing for FREAK Attack (CVE-2015-0204) as advised by Akamai It is a Free Software and does not need other's server to run Your server must score A+ to SSL Labs test under normal situation, should listed as HSTS Preload Listed website for better security Except renowned web service pro

https://github.com/niccoX/patch-openssl-CVE-2014-0291_CVE-2015-0204

patch-openssl-CVE-2015-0291_CVE-2015-0204 Patch openssl with ansible Usage : pip install ansible ansible-playbook -i your_inventory_file patch-openssl-CVE-2015-0291_CVE-2015-0204 your_inventory_file just need to contain your server list : 192168010 webserver1examplecom webserver2examplecom db1examplecom

https://github.com/scottjpack/Freak-Scanner

Multithreaded FREAK scanner, used to detect SSL EXP Ciphers, vulnerable to CVE-2015-0204

Freak-Scanner Multithreaded Python FREAK scanner, used to detect SSL EXP Ciphers, vulnerable to CVE-2015-0204 It's pretty quick, should be able to scan just shy of 1k hosts in an hour The output is messy though, you'll have to grep on Vulnerable/NotVulnerable I'll try to clean this up later if there's any demand for it

https://github.com/cryptflow/checks

Vulnerability Checks heartbleedsh - CVE-2014-0160 poodlesh - CVE-2014-3566 freaksh - CVE-2015-0204

Recent Articles

Awoogah: Get ready to patch 'severe' bug in OpenSSL this Thursday
The Register • Chris Williams, Editor in Chief • 06 Jul 2015

Heads up for July 9 security vulnerability fix

Sysadmins and anyone else with systems running OpenSSL code: a new version of the open-source crypto library will be released this week to "fix a single security defect classified as 'high' severity." The bug, we're told, will be addressed in versions 1.0.2d and 1.0.1p of the software. The vulnerability does not affect the 1.0.0 or 0.9.8 series. OpenSSL is a widely used library that provides encrypted HTTPS connections for countless websites, as well as other secure services. "The OpenSSL projec...

Read more...
Cisco FREAKs out, starts epic OpenSSL bug-splat
The Register • Richard Chirgwin • 13 Mar 2015

Happy weekend, network admins

Cisco admins will be watching and waiting for fixes, with the company announcing that many of its OpenSSL implementations are carrying a bunch of post-POODLE fleas. The Borg has been looking over its kit and software since the OpenSSL project disclosed a bunch of vulns in January, and on March 10 detailed the impacts it's discovered so far. The list includes the notorious “FREAK” bug – CVE-2015-0204 – and Cisco's advisory contains an exhaustive list of products vulnerable, not vulnerable...

Read more...
FREAK show: Apple and Android SSL WIDE OPEN to snoopers
The Register • Iain Thomson in San Francisco • 03 Mar 2015

OpenSSL, iOS and OS X tricked into using weak 1990s-grade encryption keys

Security researchers are warning of a flaw in OpenSSL and Apple's SecureTransport – a hangover from the days when the US government was twitchy about the spread of cryptography. It's a flaw that allows an attacker to decrypt your login cookies, and other sensitive information, from your HTTPS connections if you use a vulnerable browser such as Safari. Apple's SecureTransport is a library used by applications on iOS and OS X, including Safari for iPhones, iPads and Macs. OpenSSL is open source,...

Read more...
Post-POODLE, OpenSSL shakes off some fleas
The Register • Darren Pauli • 09 Jan 2015

New fixes repair DOS, authentication flaws

OpenSSL has squashed eight low severity vulnerabilities bugs that could result in denial of service or the removal of forward secrecy. The holes, two graded "moderate", were addressed in OpenSSL updates 1.0.0p, 0.98zd, and 1.0.1k. Maintainers wrote in an advisory that Cisco warned last October that a crafted Datagram Transport Layer Security (DTLS) message could trigger a segmentation fault due (CVE-2014-3571) to a NULL pointer dereference. Another bug (CVE-2015-0206) spotted by researcher Chris...

Read more...

References

CWE-310https://www.openssl.org/news/secadv_20150108.txthttps://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0http://www.mandriva.com/security/advisories?name=MDVSA-2015:019http://support.novell.com/security/cve/CVE-2015-0204.htmlhttps://freakattack.com/http://www.debian.org/security/2015/dsa-3125http://marc.info/?l=bugtraq&m=142496289803847&w=2http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.htmlhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-sslhttp://rhn.redhat.com/errata/RHSA-2015-0066.htmlhttps://www.openssl.org/news/secadv_20150319.txthttp://marc.info/?l=bugtraq&m=142720981827617&w=2http://marc.info/?l=bugtraq&m=142721102728110&w=2http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:063http://www.mandriva.com/security/advisories?name=MDVSA-2015:062http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlhttps://support.apple.com/HT204659http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0800.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0849.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.htmlhttp://www-01.ibm.com/support/docview.wss?uid=swg21883640http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlhttp://www.securityfocus.com/bid/91787http://marc.info/?l=bugtraq&m=144050297101809&w=2http://marc.info/?l=bugtraq&m=144050254401665&w=2http://marc.info/?l=bugtraq&m=143213830203296&w=2http://marc.info/?l=bugtraq&m=143748090628601&w=2http://marc.info/?l=bugtraq&m=144050155601375&w=2http://marc.info/?l=bugtraq&m=144043644216842&w=2http://marc.info/?l=bugtraq&m=142895206924048&w=2http://marc.info/?l=bugtraq&m=144050205101530&w=2http://marc.info/?l=bugtraq&m=142496179803395&w=2http://rhn.redhat.com/errata/RHSA-2016-1650.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlhttps://bto.bluecoat.com/security-advisory/sa88http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.htmlhttps://bto.bluecoat.com/security-advisory/sa91https://security.gentoo.org/glsa/201503-11http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679http://www.securitytracker.com/id/1033378https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241http://www-304.ibm.com/support/docview.wss?uid=swg21960769http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.htmlhttps://kc.mcafee.com/corporate/index?page=content&id=SB10110https://kc.mcafee.com/corporate/index?page=content&id=SB10108https://kc.mcafee.com/corporate/index?page=content&id=SB10102http://www.securityfocus.com/bid/71936https://exchange.xforce.ibmcloud.com/vulnerabilities/99707http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttps://support.citrix.com/article/CTX216642http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttps://access.redhat.com/errata/RHSA-2015:0066https://usn.ubuntu.com/2459-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2015-0204
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook