CVE-2015-4000

LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks

Severity Score

3.7

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

El protocolo TLS 1.2 y anteriores, cuando una suite de cifrado DHE_EXPORT está habilitada en un servidor pero no en un cliente, no transporta una elección DHE_EXPORT, lo que permite a atacantes man-in-the-middle realizar ataques de degradación del cifrado mediante la rescritura de un ClientHello con DHE remplazado por DHE_EXPORT y posteriormente la rescritura de un ServerHello con DHE_EXPORT remplazado por DHE, también conocido como el problema 'Logjam'.

A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-05-15 CVE Reserved
2015-05-21 CVE Published
2024-08-04 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-310: Cryptographic Issues
CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CAPEC

References (220)

URL	Tag	Source
http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc	Third Party Advisory
http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery	Third Party Advisory
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402	Third Party Advisory
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778	Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681	Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727	Third Party Advisory
http://openwall.com/lists/oss-security/2015/05/20/8	Mailing List
http://support.apple.com/kb/HT204941	Third Party Advisory
http://support.apple.com/kb/HT204942	Third Party Advisory
http://support.citrix.com/article/CTX201114	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959111	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959195	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959325	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959453	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959481	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959517	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959530	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959539	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959636	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21959812	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21960191	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21961717	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21962455	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21962739	Third Party Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21958984	Third Party Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21959132	Third Party Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21960041	Third Party Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21960194	Third Party Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21960380	Third Party Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21960418	Third Party Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21962816	Third Party Advisory
http://www-304.ibm.com/support/docview.wss?uid=swg21967893	Third Party Advisory
http://www.fortiguard.com/advisory/2015-05-20-logjam-attack	Third Party Advisory
http://www.mozilla.org/security/announce/2015/mfsa2015-70.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html	Third Party Advisory
http://www.securityfocus.com/bid/74733	Third Party Advisory
http://www.securityfocus.com/bid/91787	Third Party Advisory
http://www.securitytracker.com/id/1032474	Third Party Advisory
http://www.securitytracker.com/id/1032475	Third Party Advisory
http://www.securitytracker.com/id/1032476	Third Party Advisory
http://www.securitytracker.com/id/1032637	Third Party Advisory
http://www.securitytracker.com/id/1032645	Third Party Advisory
http://www.securitytracker.com/id/1032647	Third Party Advisory
http://www.securitytracker.com/id/1032648	Third Party Advisory
http://www.securitytracker.com/id/1032649	Third Party Advisory
http://www.securitytracker.com/id/1032650	Third Party Advisory
http://www.securitytracker.com/id/1032651	Third Party Advisory
http://www.securitytracker.com/id/1032652	Third Party Advisory
http://www.securitytracker.com/id/1032653	Third Party Advisory
http://www.securitytracker.com/id/1032654	Third Party Advisory
http://www.securitytracker.com/id/1032655	Third Party Advisory
http://www.securitytracker.com/id/1032656	Third Party Advisory
http://www.securitytracker.com/id/1032688	Third Party Advisory
http://www.securitytracker.com/id/1032699	Third Party Advisory
http://www.securitytracker.com/id/1032702	Third Party Advisory
http://www.securitytracker.com/id/1032727	Third Party Advisory
http://www.securitytracker.com/id/1032759	Third Party Advisory
http://www.securitytracker.com/id/1032777	Third Party Advisory
http://www.securitytracker.com/id/1032778	Third Party Advisory
http://www.securitytracker.com/id/1032783	Third Party Advisory
http://www.securitytracker.com/id/1032784	Third Party Advisory
http://www.securitytracker.com/id/1032856	Third Party Advisory
http://www.securitytracker.com/id/1032864	Third Party Advisory
http://www.securitytracker.com/id/1032865	Third Party Advisory
http://www.securitytracker.com/id/1032871	Third Party Advisory
http://www.securitytracker.com/id/1032884	Third Party Advisory
http://www.securitytracker.com/id/1032910	Third Party Advisory
http://www.securitytracker.com/id/1032932	Third Party Advisory
http://www.securitytracker.com/id/1032960	Third Party Advisory
http://www.securitytracker.com/id/1033019	Third Party Advisory
http://www.securitytracker.com/id/1033064	Third Party Advisory
http://www.securitytracker.com/id/1033065	Third Party Advisory
http://www.securitytracker.com/id/1033067	Third Party Advisory
http://www.securitytracker.com/id/1033208	Third Party Advisory
http://www.securitytracker.com/id/1033209	Third Party Advisory
http://www.securitytracker.com/id/1033210	Third Party Advisory
http://www.securitytracker.com/id/1033222	Third Party Advisory
http://www.securitytracker.com/id/1033341	Third Party Advisory
http://www.securitytracker.com/id/1033385	Third Party Advisory
http://www.securitytracker.com/id/1033416	Third Party Advisory
http://www.securitytracker.com/id/1033430	Third Party Advisory
http://www.securitytracker.com/id/1033433	Third Party Advisory
http://www.securitytracker.com/id/1033513	Third Party Advisory
http://www.securitytracker.com/id/1033760	Third Party Advisory
http://www.securitytracker.com/id/1033891	Third Party Advisory
http://www.securitytracker.com/id/1033991	Third Party Advisory
http://www.securitytracker.com/id/1034087	Third Party Advisory
http://www.securitytracker.com/id/1034728	Third Party Advisory
http://www.securitytracker.com/id/1034884	Third Party Advisory
http://www.securitytracker.com/id/1036218	Third Party Advisory
http://www.securitytracker.com/id/1040630	Third Party Advisory
http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm	Third Party Advisory
https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained	Third Party Advisory
https://bto.bluecoat.com/security-advisory/sa98	Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1138554	Issue Tracking
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf	Third Party Advisory
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes	Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140	Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190	Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119	Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241	Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246	Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839	Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929	Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083	Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes	Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10122	Third Party Advisory
https://puppet.com/security/cve/CVE-2015-4000	Third Party Advisory
https://security.netapp.com/advisory/ntap-20150619-0001	Third Party Advisory
https://support.citrix.com/article/CTX216642	Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us	Third Party Advisory
https://weakdh.org	Third Party Advisory
https://weakdh.org/imperfect-forward-secrecy.pdf	Third Party Advisory
https://www-304.ibm.com/support/docview.wss?uid=swg21959745	Third Party Advisory
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403	Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html	Third Party Advisory
https://www.suse.com/security/cve/CVE-2015-4000.html	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html	2023-02-09
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	2023-02-09

URL	Date	SRC
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc	2023-02-09
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html	2023-02-09
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html	2023-02-09
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html	2023-02-09
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html	2023-02-09
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html	2023-02-09
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html	2023-02-09
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html	2023-02-09
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html	2023-02-09
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html	2023-02-09
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html	2023-02-09
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html	2023-02-09
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html	2023-02-09
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html	2023-02-09
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html	2023-02-09
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html	2023-02-09
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html	2023-02-09
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html	2023-02-09
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html	2023-02-09
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html	2023-02-09
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html	2023-02-09
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html	2023-02-09
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html	2023-02-09
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html	2023-02-09
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html	2023-02-09
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html	2023-02-09
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html	2023-02-09
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html	2023-02-09
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html	2023-02-09
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html	2023-02-09
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html	2023-02-09
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html	2023-02-09
http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html	2023-02-09
http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html	2023-02-09
http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html	2023-02-09
http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html	2023-02-09
http://marc.info/?l=bugtraq&m=143506486712441&w=2	2023-02-09
http://marc.info/?l=bugtraq&m=143557934009303&w=2	2023-02-09
http://marc.info/?l=bugtraq&m=143558092609708&w=2	2023-02-09
http://marc.info/?l=bugtraq&m=143628304012255&w=2	2023-02-09
http://marc.info/?l=bugtraq&m=143637549705650&w=2	2023-02-09
http://marc.info/?l=bugtraq&m=143655800220052&w=2	2023-02-09
http://marc.info/?l=bugtraq&m=143880121627664&w=2	2023-02-09
http://marc.info/?l=bugtraq&m=144043644216842&w=2	2023-02-09
http://marc.info/?l=bugtraq&m=144050121701297&w=2	2023-02-09
http://marc.info/?l=bugtraq&m=144060576831314&w=2	2023-02-09
http://marc.info/?l=bugtraq&m=144060606031437&w=2	2023-02-09
http://marc.info/?l=bugtraq&m=144061542602287&w=2	2023-02-09
http://marc.info/?l=bugtraq&m=144069189622016&w=2	2023-02-09
http://marc.info/?l=bugtraq&m=144102017024820&w=2	2023-02-09
http://marc.info/?l=bugtraq&m=144104533800819&w=2	2023-02-09
http://marc.info/?l=bugtraq&m=144493176821532&w=2	2023-02-09
http://marc.info/?l=bugtraq&m=145409266329539&w=2	2023-02-09
http://rhn.redhat.com/errata/RHSA-2015-1072.html	2023-02-09
http://rhn.redhat.com/errata/RHSA-2015-1185.html	2023-02-09
http://rhn.redhat.com/errata/RHSA-2015-1197.html	2023-02-09
http://rhn.redhat.com/errata/RHSA-2015-1228.html	2023-02-09
http://rhn.redhat.com/errata/RHSA-2015-1229.html	2023-02-09
http://rhn.redhat.com/errata/RHSA-2015-1230.html	2023-02-09
http://rhn.redhat.com/errata/RHSA-2015-1241.html	2023-02-09
http://rhn.redhat.com/errata/RHSA-2015-1242.html	2023-02-09
http://rhn.redhat.com/errata/RHSA-2015-1243.html	2023-02-09
http://rhn.redhat.com/errata/RHSA-2015-1485.html	2023-02-09
http://rhn.redhat.com/errata/RHSA-2015-1486.html	2023-02-09
http://rhn.redhat.com/errata/RHSA-2015-1488.html	2023-02-09
http://rhn.redhat.com/errata/RHSA-2015-1526.html	2023-02-09
http://rhn.redhat.com/errata/RHSA-2015-1544.html	2023-02-09
http://rhn.redhat.com/errata/RHSA-2015-1604.html	2023-02-09
http://rhn.redhat.com/errata/RHSA-2016-1624.html	2023-02-09
http://rhn.redhat.com/errata/RHSA-2016-2056.html	2023-02-09
http://www.debian.org/security/2015/dsa-3287	2023-02-09
http://www.debian.org/security/2015/dsa-3300	2023-02-09
http://www.debian.org/security/2015/dsa-3316	2023-02-09
http://www.debian.org/security/2015/dsa-3324	2023-02-09
http://www.debian.org/security/2015/dsa-3339	2023-02-09
http://www.debian.org/security/2016/dsa-3688	2023-02-09
http://www.ubuntu.com/usn/USN-2656-1	2023-02-09
http://www.ubuntu.com/usn/USN-2656-2	2023-02-09
http://www.ubuntu.com/usn/USN-2673-1	2023-02-09
http://www.ubuntu.com/usn/USN-2696-1	2023-02-09
http://www.ubuntu.com/usn/USN-2706-1	2023-02-09
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196	2023-02-09
https://openssl.org/news/secadv/20150611.txt	2023-02-09
https://security.gentoo.org/glsa/201506-02	2023-02-09
https://security.gentoo.org/glsa/201512-10	2023-02-09
https://security.gentoo.org/glsa/201603-11	2023-02-09
https://security.gentoo.org/glsa/201701-46	2023-02-09
https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes	2023-02-09
https://www.openssl.org/news/secadv_20150611.txt	2023-02-09
https://access.redhat.com/security/cve/CVE-2015-4000	2016-10-12
https://bugzilla.redhat.com/show_bug.cgi?id=1223211	2016-10-12
https://access.redhat.com/articles/1456263	2016-10-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openssl Search vendor "Openssl"	Openssl Search vendor "Openssl" for product "Openssl"	<= 1.0.1m Search vendor "Openssl" for product "Openssl" and version " <= 1.0.1m"	-	Affected	in	Hp Search vendor "Hp"	Hp-ux Search vendor "Hp" for product "Hp-ux"	b.11.31 Search vendor "Hp" for product "Hp-ux" and version "b.11.31"	-	Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				>= 1.0.1 <= 1.0.1m Search vendor "Openssl" for product "Openssl" and version " >= 1.0.1 <= 1.0.1m"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				>= 1.0.2 <= 1.0.2a Search vendor "Openssl" for product "Openssl" and version " >= 1.0.2 <= 1.0.2a"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				14.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.10"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				15.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "15.04"		-		Affected
Ibm Search vendor "Ibm"		Content Manager Search vendor "Ibm" for product "Content Manager"				8.5 Search vendor "Ibm" for product "Content Manager" and version "8.5"		enterprise		Affected
Oracle Search vendor "Oracle"		Jrockit Search vendor "Oracle" for product "Jrockit"				r28.3.6 Search vendor "Oracle" for product "Jrockit" and version "r28.3.6"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Oracle Search vendor "Oracle"		Jdk Search vendor "Oracle" for product "Jdk"				1.6.0 Search vendor "Oracle" for product "Jdk" and version "1.6.0"		update95		Affected
Oracle Search vendor "Oracle"		Jdk Search vendor "Oracle" for product "Jdk"				1.7.0 Search vendor "Oracle" for product "Jdk" and version "1.7.0"		update75		Affected
Oracle Search vendor "Oracle"		Jdk Search vendor "Oracle" for product "Jdk"				1.7.0 Search vendor "Oracle" for product "Jdk" and version "1.7.0"		update80		Affected
Oracle Search vendor "Oracle"		Jdk Search vendor "Oracle" for product "Jdk"				1.8.0 Search vendor "Oracle" for product "Jdk" and version "1.8.0"		update_33		Affected
Oracle Search vendor "Oracle"		Jdk Search vendor "Oracle" for product "Jdk"				1.8.0 Search vendor "Oracle" for product "Jdk" and version "1.8.0"		update45		Affected
Oracle Search vendor "Oracle"		Jre Search vendor "Oracle" for product "Jre"				1.6.0 Search vendor "Oracle" for product "Jre" and version "1.6.0"		update_95		Affected
Oracle Search vendor "Oracle"		Jre Search vendor "Oracle" for product "Jre"				1.7.0 Search vendor "Oracle" for product "Jre" and version "1.7.0"		update_75		Affected
Oracle Search vendor "Oracle"		Jre Search vendor "Oracle" for product "Jre"				1.7.0 Search vendor "Oracle" for product "Jre" and version "1.7.0"		update_80		Affected
Oracle Search vendor "Oracle"		Jre Search vendor "Oracle" for product "Jre"				1.8.0 Search vendor "Oracle" for product "Jre" and version "1.8.0"		update_33		Affected
Oracle Search vendor "Oracle"		Jre Search vendor "Oracle" for product "Jre"				1.8.0 Search vendor "Oracle" for product "Jre" and version "1.8.0"		update_45		Affected
Suse Search vendor "Suse"		Linux Enterprise Desktop Search vendor "Suse" for product "Linux Enterprise Desktop"				12 Search vendor "Suse" for product "Linux Enterprise Desktop" and version "12"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				11.0 Search vendor "Suse" for product "Linux Enterprise Server" and version "11.0"		sp4		Affected
Suse Search vendor "Suse"		Linux Enterprise Software Development Kit Search vendor "Suse" for product "Linux Enterprise Software Development Kit"				12 Search vendor "Suse" for product "Linux Enterprise Software Development Kit" and version "12"		-		Affected
Suse Search vendor "Suse"		Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server"				12 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "12"		-		Affected
Apple Search vendor "Apple"		Iphone Os Search vendor "Apple" for product "Iphone Os"				<= 8.3 Search vendor "Apple" for product "Iphone Os" and version " <= 8.3"		-		Affected
Apple Search vendor "Apple"		Mac Os X Search vendor "Apple" for product "Mac Os X"				<= 10.10.3 Search vendor "Apple" for product "Mac Os X" and version " <= 10.10.3"		-		Affected
Mozilla Search vendor "Mozilla"		Network Security Services Search vendor "Mozilla" for product "Network Security Services"				3.19 Search vendor "Mozilla" for product "Network Security Services" and version "3.19"		-		Affected
Oracle Search vendor "Oracle"		Sparc-opl Service Processor Search vendor "Oracle" for product "Sparc-opl Service Processor"				<= 1121 Search vendor "Oracle" for product "Sparc-opl Service Processor" and version " <= 1121"		-		Affected
Apple Search vendor "Apple"		Safari Search vendor "Apple" for product "Safari"				-		-		Affected
Google Search vendor "Google"		Chrome Search vendor "Google" for product "Chrome"				-		-		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				-		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				-		-		Affected
Opera Search vendor "Opera"		Opera Browser Search vendor "Opera" for product "Opera Browser"				-		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				39.0 Search vendor "Mozilla" for product "Firefox" and version "39.0"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Esr Search vendor "Mozilla" for product "Firefox Esr"				31.8 Search vendor "Mozilla" for product "Firefox Esr" and version "31.8"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Esr Search vendor "Mozilla" for product "Firefox Esr"				38.1.0 Search vendor "Mozilla" for product "Firefox Esr" and version "38.1.0"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				2.35 Search vendor "Mozilla" for product "Seamonkey" and version "2.35"		-		Affected
Mozilla Search vendor "Mozilla"		Thunderbird Search vendor "Mozilla" for product "Thunderbird"				31.8 Search vendor "Mozilla" for product "Thunderbird" and version "31.8"		-		Affected
Mozilla Search vendor "Mozilla"		Thunderbird Search vendor "Mozilla" for product "Thunderbird"				38.1 Search vendor "Mozilla" for product "Thunderbird" and version "38.1"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Os Search vendor "Mozilla" for product "Firefox Os"				2.2 Search vendor "Mozilla" for product "Firefox Os" and version "2.2"		-		Affected