CVSS2: 4.3 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3: 3.7 Low
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score: 5.4 Medium (Confidence: Low)
EPSS: 0.974 High (Percentile: 99.9%)

Package : nss
Version : 2:3.14.5-1+deb7u7
CVE ID : CVE-2015-4000
Debian Bug : N/A

A vulnerability has been found in nss.

CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is
enabled on a server but not on a client, does not properly convey
a DHE_EXPORT choice, which allows man-in-the-middle attackers to
conduct cipher-downgrade attacks by rewriting a ClientHello with
DHE replaced by DHE_EXPORT and then rewriting a ServerHello with
DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

The solution in nss was to not accept bit lengths less than 1024.
This may potentially be a backwards incompatibility issue but such
low bit lengths should not be in use so it was deemed acceptable.

For Debian 7 "Wheezy", these problems have been fixed in version
2:3.14.5-1+deb7u7.

We recommend that you upgrade your nss packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
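
The bit-length check described above, as an added example (not code from nss or from this advisory): it parses the ServerDHParams structure of a TLS 1.2 ServerKeyExchange body and rejects a prime shorter than 1024 bits. The function names and the sample messages are constructed for illustration, and the sample values are not real primes.

```python
import struct

MIN_DH_PRIME_BITS = 1024  # threshold stated in the advisory


class DHParamError(ValueError):
    """ServerDHParams are malformed or the prime is too short."""


def _read_vec16(buf, off):
    """Read an opaque<1..2^16-1> vector: 2-byte big-endian length, then data."""
    if off + 2 > len(buf):
        raise DHParamError("truncated length field")
    (n,) = struct.unpack_from(">H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise DHParamError("empty or truncated vector")
    return buf[off:off + n], off + n


def parse_server_dh_params(body):
    """Parse dh_p, dh_g, dh_Ys (RFC 5246, section 7.4.3) into integers."""
    values, off = [], 0
    for _ in range(3):
        raw, off = _read_vec16(body, off)
        values.append(int.from_bytes(raw, "big"))
    return tuple(values)  # any signature after dh_Ys is ignored here


def check_dh_prime(body, min_bits=MIN_DH_PRIME_BITS):
    """Return the bit length of dh_p, or raise if it is below min_bits."""
    p, _g, _ys = parse_server_dh_params(body)
    # Use the integer's bit length, not the byte count: a short prime
    # padded with leading zero bytes must still be rejected.
    bits = p.bit_length()
    if bits < min_bits:
        raise DHParamError(f"dh_p is {bits} bits, minimum is {min_bits}")
    return bits


def make_sample(bits, pad=0):
    """Constructed sample body: dh_p is an odd number, not a real prime."""
    def vec(n, size):
        return struct.pack(">H", size) + n.to_bytes(size, "big")
    p, size = (1 << (bits - 1)) | 1, (bits + 7) // 8
    return vec(p, size + pad) + vec(2, 1) + vec(p - 2, size)
```

A client that applies this check refuses the export-grade group even when the handshake has been rewritten to look like ordinary DHE, since the decision depends on the received prime rather than on the negotiated ciphersuite name.
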
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 7 | mips | openjdk-6-jre-headless | < 6b36-1.13.8-1~deb7u1 | openjdk-6-jre-headless_6b36-1.13.8-1~deb7u1_mips.deb |
Debian | 7 | all | iceweasel-l10n-ro | < 1:31.8.0esr-1~deb7u1 | iceweasel-l10n-ro_1:31.8.0esr-1~deb7u1_all.deb |
Debian | 8 | i386 | iceweasel | < 31.8.0esr-1~deb8u1 | iceweasel_31.8.0esr-1~deb8u1_i386.deb |
Debian | 8 | mips | libnss3 | < 2:3.26-1+debu8u1 | libnss3_2:3.26-1+debu8u1_mips.deb |
Debian | 8 | powerpc | openjdk-7-jre-headless | < 7u79-2.5.6-1~deb8u1 | openjdk-7-jre-headless_7u79-2.5.6-1~deb8u1_powerpc.deb |
Debian | 7 | i386 | iceweasel-dbg | < 31.8.0esr-1~deb7u1 | iceweasel-dbg_31.8.0esr-1~deb7u1_i386.deb |
Debian | 7 | all | iceweasel-l10n-eo | < 1:31.8.0esr-1~deb7u1 | iceweasel-l10n-eo_1:31.8.0esr-1~deb7u1_all.deb |
Debian | 7 | all | iceweasel-l10n-ar | < 1:31.8.0esr-1~deb7u1 | iceweasel-l10n-ar_1:31.8.0esr-1~deb7u1_all.deb |
Debian | 7 | all | iceweasel-l10n-cs | < 1:31.8.0esr-1~deb7u1 | iceweasel-l10n-cs_1:31.8.0esr-1~deb7u1_all.deb |
Debian | 8 | mipsel | libnss3-tools | < 2:3.26-1+debu8u1 | libnss3-tools_2:3.26-1+debu8u1_mipsel.deb |