Loading...

Knowledge Center


Network Security Sensor response to CVE-2015-4000 (Not Vulnerable)
Technical Articles ID:   KB84953
Last Modified:  1/5/2018

Environment

McAfee Network Security Sensor Appliance 8.x, 7.x

Problem

The vulnerability CVE-2015-4000 has been reported against the TLS protocol.

TLS protocol 1.2 and earlier does not properly convey a DHE_EXPORT choice when a DHE_EXPORT cipher suite is enabled on a server (but not on a client). This can allow man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a Client Hello with DHE replaced by DHE_EXPORT and then rewriting a Server Hello with DHE_EXPORT replaced by DHE. This is also known as the Logjam issue.

For more information see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000.

Solution

The Network Security Sensor is not vulnerable to CVE-2015-4000 because double authentication is required to log in.

Rate this document

Languages:

This article is available in the following languages:

English United States
Japanese

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.