CVE-2007-1858

The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://tomcat.apache.org/security-4.html	Patch
http://tomcat.apache.org/security-5.html	Patch
http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
http://www.securityfocus.com/bid/28482
http://secunia.com/advisories/29392
http://osvdb.org/34882
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
http://secunia.com/advisories/33668
http://www.vupen.com/english/advisories/2009/0233
http://www.vupen.com/english/advisories/2007/1729
http://secunia.com/advisories/44183
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
http://www.securityfocus.com/bid/64758
http://marc.info/?l=bugtraq&m=133114899904925&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/34212
http://www.securityfocus.com/archive/1/500412/100/0/threaded
http://www.securityfocus.com/archive/1/500396/100/0/threaded
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:tomcat:5.0.19:::::::*
	cpe:2.3:a:apache:tomcat:5.5.12:::::::*
	cpe:2.3:a:apache:tomcat:5.0.14:::::::*
	cpe:2.3:a:apache:tomcat:5.5.14:::::::*
	cpe:2.3:a:apache:tomcat:5.5.10:::::::*
	cpe:2.3:a:apache:tomcat:5.0.22:::::::*
	cpe:2.3:a:apache:tomcat:5.5.4:::::::*
	cpe:2.3:a:apache:tomcat:5.5.7:::::::*
	cpe:2.3:a:apache:tomcat:5.5.1:::::::*
	cpe:2.3:a:apache:tomcat:5.5.11:::::::*
	cpe:2.3:a:apache:tomcat:5.5.6:::::::*
	cpe:2.3:a:apache:tomcat:5.0.15:::::::*
	cpe:2.3:a:apache:tomcat:5.0.30:::::::*
	cpe:2.3:a:apache:tomcat:5.5.15:::::::*
	cpe:2.3:a:apache:tomcat:5.0.23:::::::*
	cpe:2.3:a:apache:tomcat:5.0.2:::::::*
	cpe:2.3:a:apache:tomcat:5.5.5:::::::*
	cpe:2.3:a:apache:tomcat:5.0.10:::::::*
	cpe:2.3:a:apache:tomcat:5.0.21:::::::*
	cpe:2.3:a:apache:tomcat:5.0.26:::::::*
	cpe:2.3:a:apache:tomcat:5.0.0:::::::*
	cpe:2.3:a:apache:tomcat:4.1.31:::::::*
	cpe:2.3:a:apache:tomcat:5.5.3:::::::*
	cpe:2.3:a:apache:tomcat:5.0.27:::::::*
	cpe:2.3:a:apache:tomcat:5.0.16:::::::*
	cpe:2.3:a:apache:tomcat:5.5.9:::::::*
	cpe:2.3:a:apache:tomcat:5.0.18:::::::*
	cpe:2.3:a:apache:tomcat:5.5.2:::::::*
	cpe:2.3:a:apache:tomcat:5.0.28:::::::*
	cpe:2.3:a:apache:tomcat:5.0.29:::::::*
	cpe:2.3:a:apache:tomcat:5.5.0:::::::*
	cpe:2.3:a:apache:tomcat:5.5.13:::::::*
	cpe:2.3:a:apache:tomcat:4.1.28:::::::*
	cpe:2.3:a:apache:tomcat:5.0.13:::::::*
	cpe:2.3:a:apache:tomcat:5.5.8:::::::*
	cpe:2.3:a:apache:tomcat:5.0.17:::::::*
	cpe:2.3:a:apache:tomcat:5.5.16:::::::*
	cpe:2.3:a:apache:tomcat:5.5.17:::::::*
	cpe:2.3:a:apache:tomcat:5.0.25:::::::*
	cpe:2.3:a:apache:tomcat:5.0.1:::::::*
	cpe:2.3:a:apache:tomcat:5.0.11:::::::*
	cpe:2.3:a:apache:tomcat:5.0.24:::::::*
	cpe:2.3:a:apache:tomcat:5.0.12:::::::*

Information

Published : 2007-05-09 17:19

Updated : 2023-02-12 18:17

NVD link : CVE-2007-1858

Mitre link : CVE-2007-1858

JSON object : View

CWE

NVD-CWE-Other

Products Affected

apache

tomcat

2.6 /10