CVE-2007-1858

high

Description

The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.

References

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

https://exchange.xforce.ibmcloud.com/vulnerabilities/34212

http://www.vupen.com/english/advisories/2009/0233

http://www.vupen.com/english/advisories/2007/1729

http://www.securityfocus.com/bid/64758

http://www.securityfocus.com/bid/28482

http://www.securityfocus.com/archive/1/500412/100/0/threaded

http://www.securityfocus.com/archive/1/500396/100/0/threaded

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

http://tomcat.apache.org/security-5.html

http://tomcat.apache.org/security-4.html

http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm

http://secunia.com/advisories/44183

http://secunia.com/advisories/33668

http://secunia.com/advisories/29392

http://osvdb.org/34882

http://marc.info/?l=bugtraq&m=133114899904925&w=2

http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html

http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

Details

Source: Mitre, NVD

Published: 2007-05-10

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High