BSA-2015-1935
21288
21 June 2022
17 June 2015
Closed
Low
3.7 : Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
N/A
CVE-2015-4000
Summary
Security Advisory ID : BSA-2015-1935
Component : TLS protocol 1.2
Revision : 5.0
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
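Because the handshake does not convey the DHE_EXPORT choice to the client, a practical check on the client or a monitoring sensor is the size of the DH prime the server sends in ServerKeyExchange. The sketch below is an added example, not Brocade code; the function names, the 2048-bit minimum and the sample bytes are assumptions constructed for illustration.

```python
import struct

# Export-grade DHE suites (IDs from RFC 2246); a patched client never offers these.
DHE_EXPORT_SUITES = {0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
                     0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"}
MIN_DH_BITS = 2048  # assumed local policy, not a value from the advisory


def parse_server_dh_params(body: bytes):
    """Return (dh_p, dh_g, dh_Ys) from the start of a ServerKeyExchange body.
    Each field is an opaque vector with a 2-byte big-endian length prefix."""
    values, offset = [], 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if offset + 2 > len(body):
            raise ValueError(f"truncated before {name} length")
        (length,) = struct.unpack_from("!H", body, offset)
        offset += 2
        if length == 0 or offset + length > len(body):
            raise ValueError(f"invalid {name} length {length}")
        values.append(int.from_bytes(body[offset:offset + length], "big"))
        offset += length
    return tuple(values)


def audit_dhe_handshake(offered_suites, ske_body, min_bits=MIN_DH_BITS):
    """Return (prime_bits, findings) for one observed DHE handshake."""
    dh_p, _, _ = parse_server_dh_params(ske_body)
    bits, findings = dh_p.bit_length(), []
    offered_export = [s for s in offered_suites if s in DHE_EXPORT_SUITES]
    if offered_export:
        findings.append("EXPORT_OFFERED")       # client config still lists DHE_EXPORT
    if bits < min_bits:
        findings.append("WEAK_GROUP")           # reject regardless of negotiated suite
    if bits <= 512 and not offered_export:
        findings.append("DOWNGRADE_SUSPECTED")  # export-size group nobody asked for
    return bits, findings


def sample_ske(prime_len: int) -> bytes:
    """Constructed test input: all-ones 'prime' (not a real prime), g=2, Ys=4."""
    vec = lambda b: struct.pack("!H", len(b)) + b
    return vec(b"\xff" * prime_len) + vec(b"\x02") + vec(b"\x04")


if __name__ == "__main__":
    print(audit_dhe_handshake([0x0033, 0x0039], sample_ske(64)))   # 512-bit group
    print(audit_dhe_handshake([0x0033, 0x0039], sample_ske(256)))  # 2048-bit group
```
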
Products Under Investigation
The following Brocade products are under investigation:
- Brocade SANnav
- Brocade Active Support Connectivity Gateway
Products Confirmed Not Vulnerable
- Brocade Fabric OS
Revision History
| Version | Change | Date |
|---|---|---|
| 1.0 | Initial Publication | June 17, 2015 |
| 2.0 | Change table format added CVE information | Not Available |
| 3.0 | Updated to address product name changes and discrepancies | Not Available |
| 4.0 | Updated to address SDN Controller, Traffic manager, BNA, IronView, and DCFM | May 11, 2016 |
| 5.0 | Updated to remove old Brocade Products | June 21, 2022 |