Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
OpenSSL Cryptographic Issues Vulnerability - CVE-2015-4000 - Vulnerability Database
OpenSSL

OpenSSL Cryptographic Issues Vulnerability - CVE-2015-4000

Low
Reference: CVE-2015-4000
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2015-4000
Title: OpenSSL Cryptographic Issues Vulnerability
Overview:

The TLS protocol 1.2 and earlier when a DHE_EXPORT ciphersuite is enabled on a server but not on a client does not properly convey a DHE_EXPORT choice which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE aka the quotLogjamquot issue.