ID:8587 - Exploit for Man-in-the-middle attack in Sun products - CVE-2015-4000
Published: November 8, 2022
Vulnerability identifier: #VU86
Vulnerability risk: Medium
CVE-ID: CVE-2015-4000
CWE-ID: CWE-300
Exploitation vector: Remote access
Vulnerable software:
HPE Service Manager
Oracle Solaris
Oracle Directory Server Enterprise Edition
Oracle GlassFish Server
Oracle OpenSSO
Oracle Traffic Director
Sun ONE/iPlanet Web Server
SPARC Enterprise M3000
SPARC Enterprise M4000
SPARC Enterprise M5000
SPARC Enterprise M8000
SPARC Enterprise M9000
Oracle Secure Global Desktop
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to decrypt TLS connections in certain situations.
The vulnerability exists due to a boundary error when parsing HTTP requests. A remote unauthenticated attacker can conduct a man-in-the-middle attack that causes the target system to downgrade the Diffie-Hellman algorithm to 512-bit export-grade cryptography.
Successful exploitation of this vulnerability may result in modification of authentication information.
Remediation
Install upgraded versions at:
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05193083