{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2002-20001", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-02-13T16:27:06.803Z", "dateReserved": "2021-11-11T00:00:00.000Z", "datePublished": "2021-11-11T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-04-23T06:51:09.585Z"}, "descriptions": [{"lang": "en", "value": "The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/Balasys/dheater"}, {"url": "https://www.researchgate.net/profile/Anton-Stiglic-2/publication/2401745_Security_Issues_in_the_Diffie-Hellman_Key_Agreement_Protocol"}, {"url": "https://www.reddit.com/r/netsec/comments/qdoosy/server_overload_by_enforcing_dhe_key_exchange/"}, {"url": "https://github.com/mozilla/ssl-config-generator/issues/162"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"}, {"url": "https://www.suse.com/support/kb/doc/?id=000020510"}, {"url": "https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/"}, {"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt"}, {"url": "https://support.f5.com/csp/article/K83120834"}, {"url": "https://dheatattack.com"}, {"url": "https://gitlab.com/dheatattack/dheater"}, {"url": "https://dheatattack.gitlab.io/"}, {"url": "https://ieeexplore.ieee.org/document/10374117"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T04:06:55.288Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/Balasys/dheater", "tags": ["x_transferred"]}, {"url": "https://www.researchgate.net/profile/Anton-Stiglic-2/publication/2401745_Security_Issues_in_the_Diffie-Hellman_Key_Agreement_Protocol", "tags": ["x_transferred"]}, {"url": "https://www.reddit.com/r/netsec/comments/qdoosy/server_overload_by_enforcing_dhe_key_exchange/", "tags": ["x_transferred"]}, {"url": "https://github.com/mozilla/ssl-config-generator/issues/162", "tags": ["x_transferred"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf", "tags": ["x_transferred"]}, {"url": "https://www.suse.com/support/kb/doc/?id=000020510", "tags": ["x_transferred"]}, {"url": "https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/", "tags": ["x_transferred"]}, {"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt", "tags": ["x_transferred"]}, {"url": "https://support.f5.com/csp/article/K83120834", "tags": ["x_transferred"]}, {"url": "https://dheatattack.com", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/dheatattack/dheater", "tags": ["x_transferred"]}, {"url": "https://dheatattack.gitlab.io/", "tags": ["x_transferred"]}, {"url": "https://ieeexplore.ieee.org/document/10374117", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:balasys:dheater:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE3F88FC-F039-433B-9035-88F1691DA082", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*", "matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", "matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", "matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:*:*:*", "matchCriteriaId": "70A029CD-2AC4-4877-B1A4-5C72B351BA27", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CCC14CA-A319-41AA-B910-6902E6940A25", "versionEndExcluding": "16.1.4", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E3FFCB40-DA98-4FAE-81C2-BC5621EC4978", "versionEndExcluding": "17.1.0", "versionStartIncluding": "17.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C7F493B-D3CF-4DA0-BDAF-BFE767123B35", "versionEndIncluding": "17.1.2", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "AA4C7292-62F1-4C37-BDA6-504D49CEE18E", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "matchCriteriaId": "C4212036-6970-4170-8E24-7A5DF7A69594", "versionEndIncluding": "17.1.2", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:17.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "03D43E1A-B542-4C95-ABEF-1DFE82D55513", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "DDEC3388-C718-45C7-AB9E-E6BFCDA2ACFA", "versionEndIncluding": "17.1.2", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:17.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "9377E6E2-773B-46A6-B83A-2A4D2A7B2726", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D88204B9-1BA8-460A-85AA-62256B9117CF", "versionEndIncluding": "17.1.2", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8279C05F-E490-4E9C-B63B-DDF85A21085D", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "37B3414E-582B-439A-92B6-B0B5B653CB79", "versionEndIncluding": "17.1.2", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:17.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "3F78E5C4-6687-4C78-88FA-0F6BD878859E", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", "matchCriteriaId": "4674B9DB-24BE-4EC7-8939-A8047A06CBDB", "versionEndIncluding": "17.1.2", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:17.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "4CF3886C-5AD1-42BD-997D-5EA56EBE035E", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", "matchCriteriaId": "434BF35C-CD13-4B3C-9CA3-69931D048E93", "versionEndIncluding": "17.1.2", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:17.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A59E095-32B6-4674-8684-372C55907391", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "matchCriteriaId": "48CBE008-3BB2-41D0-AAD5-388B4EE8B336", "versionEndIncluding": "17.1.2", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:17.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "980AB53F-31BB-4CBC-A5EA-ECE3991AFB60", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D707901-F7A6-4A77-828C-4E5E1BC1ED72", "versionEndIncluding": "17.1.2", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:17.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F3789D9-9153-4A32-B7AF-060109ACA2B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB92ED45-85DF-484B-8E13-F76D7CBAB6C3", "versionEndIncluding": "17.1.2", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:17.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E631EA9E-D1EC-460A-8389-E735F2D82397", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "372BE5B4-41ED-43AF-A62F-689F4C31C00D", "versionEndIncluding": "17.1.2", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:17.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "6B3A8A88-9266-4041-ABB0-080AA652EF1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "72901E92-7986-48CB-88BD-78D94B9CEEA3", "versionEndIncluding": "17.1.2", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:17.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEDE487F-FC3E-4228-B151-117A215D8A90", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8C6FFCD-25BF-4128-AC3F-2F83B7694039", "versionEndIncluding": "17.1.2", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:17.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "93FAD2D6-DF19-40B7-90F8-102D3FE5CA57", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "1CCC5048-75E0-485F-B28E-E195BDAB3C4C", "versionEndIncluding": "17.1.2", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:17.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EA4CEF4-BFAF-4E5B-8457-1B0D327BE69A", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "18D938EA-75F5-4A51-83DC-E4B6D358A0D0", "versionEndIncluding": "17.1.2", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "33EC429B-1C44-4720-82AD-7D4AABC8FE9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_service_proxy:1.6.0:*:*:*:*:kubernetes:*:*", "matchCriteriaId": "BC5AC8C7-92BA-48D4-81A1-F5323DA952A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF9F54A-58DC-4A1E-8324-8DEB4D7C2359", "versionEndIncluding": "17.1.2", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:17.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "29BF7E7D-7E43-4937-9F68-3F9448590D72", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C682BAB-D498-4DEC-90F1-C921F52CD219", "versionEndIncluding": "17.1.2", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:17.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A0C072D2-5850-48F4-8B8A-661F04E43BBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", "matchCriteriaId": "EEE45017-0984-4515-B8A8-32B86E2BAB5A", "versionEndIncluding": "17.1.2", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_websafe:17.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C6A7500-3854-4BE1-A248-191CEC151DE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "63EE01B2-FE1F-4AF7-9A27-30F509A619A0", "versionEndIncluding": "8.4.0", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA0B396A-B5CE-4337-A33A-EF58C4589CB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "42836A1C-81BB-4F80-9E32-EEE0DAA18D26", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA4D5EC6-8099-4D0A-AD6F-BA3B37C2EBD8", "vulnerable": true}, {"criteria": "cpe:2.3:o:f5:f5os-a:*:*:*:*:*:*:*:*", "matchCriteriaId": "980A8DEF-E39F-42FC-BC82-EC67F11DD481", "versionEndIncluding": "1.3.2", "versionStartIncluding": "1.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:f5:f5os-a:*:*:*:*:*:*:*:*", "matchCriteriaId": "142140F2-430E-441E-B328-0BDBB4C89E13", "versionEndIncluding": "1.5.3", "versionStartIncluding": "1.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:f5:f5os-a:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "01B43BE0-F112-4580-A188-3FE0DD140D07", "vulnerable": true}, {"criteria": "cpe:2.3:o:f5:f5os-c:*:*:*:*:*:*:*:*", "matchCriteriaId": "C089BDAE-1C06-4F2C-A6E2-9907412372A3", "versionEndIncluding": "1.3.2", "versionStartIncluding": "1.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:f5:f5os-c:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF2910A9-DD68-4E44-8805-3392DA88A297", "versionEndIncluding": "1.6.2", "versionStartIncluding": "1.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:f5:f5os-c:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "186BC26D-7E1E-4417-941E-5056CC545142", "vulnerable": true}, {"criteria": "cpe:2.3:o:f5:f5os-c:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "1EA06F21-0666-4199-853B-7B77C229E355", "vulnerable": true}, {"criteria": "cpe:2.3:o:f5:f5os-c:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "208931CB-E961-429D-834A-949ECD49D6CE", "vulnerable": true}, {"criteria": "cpe:2.3:o:f5:f5os-c:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB9FB336-F29C-4F01-B2C0-3E9712B6F543", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B3AD582-9909-4FF5-B541-571F18E22356", "versionEndExcluding": "10.06.0180", "versionStartIncluding": "10.06.0000", "vulnerable": true}, {"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*", "matchCriteriaId": "21F81EB2-3916-4DC6-9600-B7FD17906B53", "versionEndExcluding": "10.07.0030", "versionStartIncluding": "10.07.0000", "vulnerable": true}, {"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*", "matchCriteriaId": "71284AA8-9E0E-4B2F-8464-B49E1D6965B5", "versionEndExcluding": "10.08.0010", "versionStartIncluding": "10.08.0000", "vulnerable": true}, {"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*", "matchCriteriaId": "F059E5A9-E613-4BE1-BF61-C477B3441175", "versionEndExcluding": "10.09.0002", "versionStartIncluding": "10.09.0000", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hpe:aruba_cx_4100i:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7C2B56C-203F-4290-BCE7-8BD751DF9CEF", "vulnerable": false}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_6100:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF1DD310-3D31-4204-92E0-70C33EE44F08", "vulnerable": false}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_6200f:-:*:*:*:*:*:*:*", "matchCriteriaId": "FCD1A83B-109B-4596-AE37-706751E2B57D", "vulnerable": false}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_6200m:-:*:*:*:*:*:*:*", "matchCriteriaId": "1218AAA5-01ED-4D89-A7AE-A600356ABD46", "vulnerable": false}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_6300f:-:*:*:*:*:*:*:*", "matchCriteriaId": "4D6F748F-89E9-45FB-8BE7-2201E5EB2755", "vulnerable": false}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_6300m:-:*:*:*:*:*:*:*", "matchCriteriaId": "8066A871-2683-4F74-9750-E73BF004209F", "vulnerable": false}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_6405:-:*:*:*:*:*:*:*", "matchCriteriaId": "D118A9A6-BBA4-4149-AE0D-1DA2EB45B53F", "vulnerable": false}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_6410:-:*:*:*:*:*:*:*", "matchCriteriaId": "790C5E7A-3405-4873-83E8-4D9C0FEC5E6D", "vulnerable": false}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_8320:-:*:*:*:*:*:*:*", "matchCriteriaId": "10B5F18A-28B0-49B4-8374-C681C2B48D2A", "vulnerable": false}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_8325-32c:-:*:*:*:*:*:*:*", "matchCriteriaId": "59B7E2D3-0B72-4A78-AEFA-F106FAD38156", "vulnerable": false}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_8325-48y8c:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E87A92B-4EE5-4235-A0DA-195F27841DBB", "vulnerable": false}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_8360-12c:-:*:*:*:*:*:*:*", "matchCriteriaId": "6BC24E52-13C0-402F-9ABF-A1DE51719AEF", "vulnerable": false}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_8360-16y2c:-:*:*:*:*:*:*:*", "matchCriteriaId": "76EF979E-061A-42A3-B161-B835E92ED180", "vulnerable": false}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_8360-24xf2c:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE04919C-9289-4FB3-938F-F8BB15EC6A74", "vulnerable": false}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_8360-32y4c:-:*:*:*:*:*:*:*", "matchCriteriaId": "B630C64B-C474-477D-A80B-A0FB73ACCC49", "vulnerable": false}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_8360-48xt4c:-:*:*:*:*:*:*:*", "matchCriteriaId": "53ABE8B8-A4F6-400B-A893-314BE24D06B8", "vulnerable": false}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_8360-48y6c:-:*:*:*:*:*:*:*", "matchCriteriaId": "C44383CC-3751-455E-B1AB-39B16F40DC76", "vulnerable": false}, {"criteria": "cpe:2.3:h:hpe:aruba_cx_8400:-:*:*:*:*:*:*:*", "matchCriteriaId": "B25A9CD2-5E5F-4BDB-8707-5D6941411A2B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:stormshield:stormshield_management_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "62A933C5-C56E-485C-AD49-3B6A2C329131", "versionEndExcluding": "3.3.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7387F52-013D-432D-87D8-5D3ABD472C9E", "versionEndExcluding": "4.3.16", "versionStartIncluding": "2.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8A23A5D-928A-4225-9C93-31E5DFE215A7", "versionEndExcluding": "4.6.3", "versionStartIncluding": "4.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE."}, {"lang": "es", "value": "El Protocolo de Acuerdo de Claves Diffie-Hellman permite a atacantes remotos (del lado del cliente) enviar n\u00fameros arbitrarios que en realidad no son claves p\u00fablicas, y desencadenar costosos c\u00e1lculos de exponenciaci\u00f3n modular DHE del lado del servidor, tambi\u00e9n se conoce como un ataque D(HE)ater. El cliente necesita muy pocos recursos de CPU y ancho de banda de red. El ataque puede ser m\u00e1s perturbador en los casos en los que un cliente puede exigir al servidor que seleccione su mayor tama\u00f1o de clave soportado. El escenario b\u00e1sico del ataque es que el cliente debe afirmar que s\u00f3lo puede comunicarse con DHE, y el servidor debe estar configurado para permitir DHE"}], "id": "CVE-2002-20001", "lastModified": "2025-08-22T10:33:16.873", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-11-11T19:15:07.380", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://dheatattack.com"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://dheatattack.gitlab.io/"}, {"source": "cve@mitre.org", "tags": ["Product", "Third Party Advisory"], "url": "https://github.com/Balasys/dheater"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://github.com/mozilla/ssl-config-generator/issues/162"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://gitlab.com/dheatattack/dheater"}, {"source": "cve@mitre.org", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://ieeexplore.ieee.org/document/10374117"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.f5.com/csp/article/K83120834"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "Technical Description"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://www.reddit.com/r/netsec/comments/qdoosy/server_overload_by_enforcing_dhe_key_exchange/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Technical Description"], "url": "https://www.researchgate.net/profile/Anton-Stiglic-2/publication/2401745_Security_Issues_in_the_Diffie-Hellman_Key_Agreement_Protocol"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.suse.com/support/kb/doc/?id=000020510"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://dheatattack.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://dheatattack.gitlab.io/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Third Party Advisory"], "url": "https://github.com/Balasys/dheater"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://github.com/mozilla/ssl-config-generator/issues/162"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://gitlab.com/dheatattack/dheater"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://ieeexplore.ieee.org/document/10374117"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.f5.com/csp/article/K83120834"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "Technical Description"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://www.reddit.com/r/netsec/comments/qdoosy/server_overload_by_enforcing_dhe_key_exchange/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Technical Description"], "url": "https://www.researchgate.net/profile/Anton-Stiglic-2/publication/2401745_Security_Issues_in_the_Diffie-Hellman_Key_Agreement_Protocol"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.suse.com/support/kb/doc/?id=000020510"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}