What is CVE-2015-0204?

CVE-2015-0204 is a vulnerability in Openssl, classified under Cryptographic Issues. Published 2015-01-09.

Is CVE-2015-0204 known to be exploited?

70 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Openssl

CVE-2015-0204

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offer…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.919 (99.7th percentile) — read the EPSS interpretation.

Affected products

Openssl — versions 1.0.0a, 1.0.0b, 1.0.0c
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

Public proof-of-concept exploits

References

SUSE-SU-2015:2182 (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM)
HPSBOV03318 (x_refsource_HP, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
openSUSE-SU-2015:0130 (vendor-advisory, x_refsource_SUSE)
20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products (x_refsource_CISCO, vendor-advisory)
HPSBGN03299 (x_refsource_HP, vendor-advisory)
71936 (vdb-entry, x_refsource_BID)
SUSE-SU-2015:2192 (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2015-0204?: CVE-2015-0204 is a vulnerability in Openssl, classified under Cryptographic Issues. Published 2015-01-09.
Is CVE-2015-0204 known to be exploited?: 70 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.