DEBIAN-CVE-2015-0204
PUBLISHED
CVSS 9.3 CRITICAL
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.
Risk Scores
CVSS 4.0
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | openssl | 0, 0, 0 |
| Debian:12 | openssl | 0, 0, 0 |
| Debian:13 | openssl | 0, 0, 0 |
| Debian:14 | openssl | 0, 0, 0 |
Exploit Intelligence
- This script checks if your list of servers is accepting Export cipher suites and could be vulnerable to CVE-2015-0204 (github-poc-repo)
- Multithreaded FREAK scanner, used to detect SSL EXP Ciphers, vulnerable to CVE-2015-0204 (github-poc-repo)
- Basic BASH Script to Automate OpenSSL based testing for FREAK Attack (CVE-2015-0204) as advised by Akamai. (github-poc-repo)
- A2SV = Auto Scanning to SSL Vulnerability: HeartBleed, CCS Injection, SSLv3 POODLE, FREAK... etc. Support Vulnerability: [CVE-2007-1858] Anonymous Cipher; [CVE-2012-4929] CRIME(SPDY); [CVE-2014-0160] CCS Injection; [CVE-2014-0224] HeartBleed; [CVE-2014-3566] SSLv3 POODLE; [CVE-2015-0204] FREAK Attack; [CVE-2015-4000] LOGJAM Attack; [CVE-2016-0800] SSLv2 DROWN. Installation: `$ apt update && apt upgrade`, `$ apt install git`, `$ apt install python2`, `$ apt install python`, `$ git clone https://github.com/hahwul/ a2...` (github-poc-repo)
- Performs a testssl.sh test on SSL/TLS port and displays tool output. (nmap-nse)
Timeline
- Jan 9, 2015 CVE Published
- Apr 11, 2025 PoC Published
- Apr 28, 2026 CVE Updated