CVE-2007-1858

The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
http://marc.info/?l=bugtraq&m=133114899904925&w=2
http://osvdb.org/34882
http://secunia.com/advisories/29392
http://secunia.com/advisories/33668
http://secunia.com/advisories/44183
http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
http://tomcat.apache.org/security-4.html	Patch
http://tomcat.apache.org/security-5.html	Patch
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
http://www.securityfocus.com/archive/1/500396/100/0/threaded
http://www.securityfocus.com/archive/1/500412/100/0/threaded
http://www.securityfocus.com/bid/28482
http://www.securityfocus.com/bid/64758
http://www.vupen.com/english/advisories/2007/1729
http://www.vupen.com/english/advisories/2009/0233
https://exchange.xforce.ibmcloud.com/vulnerabilities/34212
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:tomcat:4.1.28:::::::*
	cpe:2.3:a:apache:tomcat:4.1.31:::::::*
	cpe:2.3:a:apache:tomcat:5.0.0:::::::*
	cpe:2.3:a:apache:tomcat:5.0.1:::::::*
	cpe:2.3:a:apache:tomcat:5.0.2:::::::*
	cpe:2.3:a:apache:tomcat:5.0.10:::::::*
	cpe:2.3:a:apache:tomcat:5.0.11:::::::*
	cpe:2.3:a:apache:tomcat:5.0.12:::::::*
	cpe:2.3:a:apache:tomcat:5.0.13:::::::*
	cpe:2.3:a:apache:tomcat:5.0.14:::::::*
	cpe:2.3:a:apache:tomcat:5.0.15:::::::*
	cpe:2.3:a:apache:tomcat:5.0.16:::::::*
	cpe:2.3:a:apache:tomcat:5.0.17:::::::*
	cpe:2.3:a:apache:tomcat:5.0.18:::::::*
	cpe:2.3:a:apache:tomcat:5.0.19:::::::*
	cpe:2.3:a:apache:tomcat:5.0.21:::::::*
	cpe:2.3:a:apache:tomcat:5.0.22:::::::*
	cpe:2.3:a:apache:tomcat:5.0.23:::::::*
	cpe:2.3:a:apache:tomcat:5.0.24:::::::*
	cpe:2.3:a:apache:tomcat:5.0.25:::::::*
	cpe:2.3:a:apache:tomcat:5.0.26:::::::*
	cpe:2.3:a:apache:tomcat:5.0.27:::::::*
	cpe:2.3:a:apache:tomcat:5.0.28:::::::*
	cpe:2.3:a:apache:tomcat:5.0.29:::::::*
	cpe:2.3:a:apache:tomcat:5.0.30:::::::*
	cpe:2.3:a:apache:tomcat:5.5.0:::::::*
	cpe:2.3:a:apache:tomcat:5.5.1:::::::*
	cpe:2.3:a:apache:tomcat:5.5.2:::::::*
	cpe:2.3:a:apache:tomcat:5.5.3:::::::*
	cpe:2.3:a:apache:tomcat:5.5.4:::::::*
	cpe:2.3:a:apache:tomcat:5.5.5:::::::*
	cpe:2.3:a:apache:tomcat:5.5.6:::::::*
	cpe:2.3:a:apache:tomcat:5.5.7:::::::*
	cpe:2.3:a:apache:tomcat:5.5.8:::::::*
	cpe:2.3:a:apache:tomcat:5.5.9:::::::*
	cpe:2.3:a:apache:tomcat:5.5.10:::::::*
	cpe:2.3:a:apache:tomcat:5.5.11:::::::*
	cpe:2.3:a:apache:tomcat:5.5.12:::::::*
	cpe:2.3:a:apache:tomcat:5.5.13:::::::*
	cpe:2.3:a:apache:tomcat:5.5.14:::::::*
	cpe:2.3:a:apache:tomcat:5.5.15:::::::*
	cpe:2.3:a:apache:tomcat:5.5.16:::::::*
	cpe:2.3:a:apache:tomcat:5.5.17:::::::*

History

No history.

Information

Published : 2007-05-10 00:19

Updated : 2024-02-28 11:01

NVD link : CVE-2007-1858

Mitre link : CVE-2007-1858

CVE.ORG link : CVE-2007-1858

JSON object : View

Products Affected

apache

tomcat

CWE

NVD-CWE-Other

2.6 /10