ID CVE-2007-1858
Summary The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
References
Vulnerable Configurations
  • Apache Software Foundation Tomcat 4.1.28
    cpe:2.3:a:apache:tomcat:4.1.28
  • Apache Software Foundation Tomcat 4.1.31
    cpe:2.3:a:apache:tomcat:4.1.31
  • Apache Software Foundation Tomcat 5.0.0
    cpe:2.3:a:apache:tomcat:5.0.0
  • Apache Software Foundation Tomcat 5.0.1
    cpe:2.3:a:apache:tomcat:5.0.1
  • Apache Software Foundation Tomcat 5.0.2
    cpe:2.3:a:apache:tomcat:5.0.2
  • Apache Software Foundation Tomcat 5.0.10
    cpe:2.3:a:apache:tomcat:5.0.10
  • Apache Software Foundation Tomcat 5.0.11
    cpe:2.3:a:apache:tomcat:5.0.11
  • Apache Software Foundation Tomcat 5.0.12
    cpe:2.3:a:apache:tomcat:5.0.12
  • Apache Software Foundation Tomcat 5.0.13
    cpe:2.3:a:apache:tomcat:5.0.13
  • Apache Software Foundation Tomcat 5.0.14
    cpe:2.3:a:apache:tomcat:5.0.14
  • Apache Software Foundation Tomcat 5.0.15
    cpe:2.3:a:apache:tomcat:5.0.15
  • Apache Software Foundation Tomcat 5.0.16
    cpe:2.3:a:apache:tomcat:5.0.16
  • Apache Software Foundation Tomcat 5.0.17
    cpe:2.3:a:apache:tomcat:5.0.17
  • Apache Software Foundation Tomcat 5.0.18
    cpe:2.3:a:apache:tomcat:5.0.18
  • Apache Software Foundation Tomcat 5.0.19
    cpe:2.3:a:apache:tomcat:5.0.19
  • Apache Software Foundation Tomcat 5.0.21
    cpe:2.3:a:apache:tomcat:5.0.21
  • Apache Software Foundation Tomcat 5.0.22
    cpe:2.3:a:apache:tomcat:5.0.22
  • Apache Software Foundation Tomcat 5.0.23
    cpe:2.3:a:apache:tomcat:5.0.23
  • Apache Software Foundation Tomcat 5.0.24
    cpe:2.3:a:apache:tomcat:5.0.24
  • Apache Software Foundation Tomcat 5.0.25
    cpe:2.3:a:apache:tomcat:5.0.25
  • Apache Software Foundation Tomcat 5.0.26
    cpe:2.3:a:apache:tomcat:5.0.26
  • Apache Software Foundation Tomcat 5.0.27
    cpe:2.3:a:apache:tomcat:5.0.27
  • Apache Software Foundation Tomcat 5.0.28
    cpe:2.3:a:apache:tomcat:5.0.28
  • Apache Software Foundation Tomcat 5.0.29
    cpe:2.3:a:apache:tomcat:5.0.29
  • Apache Software Foundation Tomcat 5.0.30
    cpe:2.3:a:apache:tomcat:5.0.30
  • Apache Software Foundation Tomcat 5.5.0
    cpe:2.3:a:apache:tomcat:5.5.0
  • Apache Software Foundation Tomcat 5.5.1
    cpe:2.3:a:apache:tomcat:5.5.1
  • Apache Software Foundation Tomcat 5.5.2
    cpe:2.3:a:apache:tomcat:5.5.2
  • Apache Software Foundation Tomcat 5.5.3
    cpe:2.3:a:apache:tomcat:5.5.3
  • Apache Software Foundation Tomcat 5.5.4
    cpe:2.3:a:apache:tomcat:5.5.4
  • Apache Software Foundation Tomcat 5.5.5
    cpe:2.3:a:apache:tomcat:5.5.5
  • Apache Software Foundation Tomcat 5.5.6
    cpe:2.3:a:apache:tomcat:5.5.6
  • Apache Software Foundation Tomcat 5.5.7
    cpe:2.3:a:apache:tomcat:5.5.7
  • Apache Software Foundation Tomcat 5.5.8
    cpe:2.3:a:apache:tomcat:5.5.8
  • Apache Software Foundation Tomcat 5.5.9
    cpe:2.3:a:apache:tomcat:5.5.9
  • Apache Software Foundation Tomcat 5.5.10
    cpe:2.3:a:apache:tomcat:5.5.10
  • Apache Software Foundation Tomcat 5.5.11
    cpe:2.3:a:apache:tomcat:5.5.11
  • Apache Software Foundation Tomcat 5.5.12
    cpe:2.3:a:apache:tomcat:5.5.12
  • Apache Software Foundation Tomcat 5.5.13
    cpe:2.3:a:apache:tomcat:5.5.13
  • Apache Software Foundation Tomcat 5.5.14
    cpe:2.3:a:apache:tomcat:5.5.14
  • Apache Software Foundation Tomcat 5.5.15
    cpe:2.3:a:apache:tomcat:5.5.15
  • Apache Software Foundation Tomcat 5.5.16
    cpe:2.3:a:apache:tomcat:5.5.16
  • Apache Software Foundation Tomcat 5.5.17
    cpe:2.3:a:apache:tomcat:5.5.17
CVSS
Base: 2.6 (as of 10-05-2007 - 14:31)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: HIGH
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: NONE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_TOMCAT5-5070.NASL
    description This update of tomcat fixes cross-site scripting bugs (CVE-2007-2449) as well as it improves the list of supported SSL ciphers. (CVE-2007-1858)
    last seen 2018-09-01
    modified 2012-05-17
    plugin id 31674
    published 2008-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31674
    title SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 5070)
  • NASL family Web Servers
    NASL id TOMCAT_4_1_32.NASL
    description According to its self-reported version number, the instance of Apache Tomcat 4.x listening on the remote host is prior to 4.1.32. It is, therefore, affected by the following vulnerabilities:
      - The remote Apache Tomcat install is vulnerable to a denial of service attack. If directory listing is enabled, function calls to retrieve the contents of large directories can degrade performance. (CVE-2005-3510)
      - The remote Apache Tomcat install may be vulnerable to a cross-site scripting attack if the JSP examples are enabled. Several of these JSP examples do not properly validate user input. (CVE-2005-4838)
      - The remote Apache Tomcat install allows remote users to list the contents of a directory by placing a semicolon before a filename with a mapped extension. (CVE-2006-3835)
      - If enabled, the JSP calendar example application is vulnerable to a cross-site scripting attack because user input is not properly validated. (CVE-2006-7196)
      - The remote Apache Tomcat install, in its default configuration, permits the use of insecure ciphers when using SSL. (CVE-2007-1858)
      - The remote Apache Tomcat install may be vulnerable to an information disclosure attack by allowing requests from a non-permitted IP address to gain access to a context that is protected with a valve that extends RequestFilterValve. (CVE-2008-3271)
      Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2018-09-01
    modified 2018-08-01
    plugin id 47029
    published 2010-06-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47029
    title Apache Tomcat 4.x < 4.1.32 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-1069.NASL
    description Updated tomcat packages that fix multiple security issues are now available for Red Hat Network Satellite Server. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies. It was reported Tomcat did not properly handle the following character sequence in a cookie: \" (a backslash followed by a double-quote). It was possible remote attackers could use this failure to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3385). Tomcat was found treating single quote characters -- ' -- as delimiters in cookies. This could allow remote attackers to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3382). The default Tomcat configuration permitted the use of insecure SSL cipher suites including the anonymous cipher suite. (CVE-2007-1858) Tomcat permitted various characters as path delimiters. If Tomcat was used behind certain proxies and configured to only proxy some contexts, an attacker could construct an HTTP request to work around the context restriction and potentially access non-proxied content. (CVE-2007-0450) Directory listings were enabled by default in Tomcat. Information stored unprotected under the document root was visible to anyone if the administrator did not disable directory listings. (CVE-2006-3835) It was found that generating listings of large directories was CPU intensive. An attacker could make repeated requests to obtain a directory listing of any large directory, leading to a denial of service. (CVE-2005-3510) Tomcat was found to accept multiple content-length headers in a request. This could allow attackers to poison a web-cache, bypass web application firewall protection, or conduct cross-site scripting attacks. (CVE-2005-2090) Users should upgrade to these erratum packages which contain an update to Tomcat that resolves these issues, and add the tyrex and jakarta-commons-pool packages which are required dependencies of the new Tomcat version.
    last seen 2018-09-01
    modified 2016-12-29
    plugin id 43834
    published 2010-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43834
    title RHEL 3 / 4 : tomcat in Satellite Server (RHSA-2007:1069)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_TOMCAT55-5069.NASL
    description This update of tomcat fixes cross-site-scripting bugs (CVE-2007-2449) as well as it improves the list of supported SSL ciphers (CVE-2007-1858).
    last seen 2018-09-01
    modified 2014-06-13
    plugin id 31698
    published 2008-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31698
    title openSUSE 10 Security Update : tomcat55 (tomcat55-5069)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12116.NASL
    description This update of Tomcat fixes cross-site scripting bugs (CVE-2007-2449) as well as it improves the list of supported SSL ciphers. (CVE-2007-1858)
    last seen 2018-09-01
    modified 2012-04-23
    plugin id 41202
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41202
    title SuSE9 Security Update : Tomcat (YOU Patch Number 12116)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_TOMCAT5-5071.NASL
    description This update of tomcat fixes cross-site-scripting bugs (CVE-2007-2449) as well as it improves the list of supported SSL ciphers (CVE-2007-1858).
    last seen 2018-09-01
    modified 2018-07-19
    plugin id 31675
    published 2008-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31675
    title openSUSE 10 Security Update : tomcat5 (tomcat5-5071)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_APACHE2-MOD_JK-5066.NASL
    description This update of tomcat improves the list of supported SSL ciphers (CVE-2007-1858).
    last seen 2018-09-01
    modified 2018-07-19
    plugin id 31673
    published 2008-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31673
    title openSUSE 10 Security Update : apache2-mod_jk (apache2-mod_jk-5066)
  • NASL family Service detection
    NASL id SSL_ANON_CIPHERS.NASL
    description The remote host supports the use of anonymous SSL ciphers. While this enables an administrator to set up a service that encrypts traffic without having to generate and configure SSL certificates, it offers no way to verify the remote host's identity and renders the service vulnerable to a man-in-the-middle attack. Note: This is considerably easier to exploit if the attacker is on the same physical network.
    last seen 2018-09-01
    modified 2018-08-03
    plugin id 31705
    published 2008-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31705
    title SSL Anonymous Cipher Suites Supported
refmap via4
bid
  • 28482
  • 64758
bugtraq
  • 20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
  • 20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)
confirm
hp
  • HPSBMU02744
  • SSRT100776
osvdb 34882
secunia
  • 29392
  • 33668
  • 44183
suse SUSE-SR:2008:007
vupen
  • ADV-2007-1729
  • ADV-2009-0233
xf tomcat-ssl-security-bypass(34212)
Last major update 22-08-2016 - 21:59
Published 09-05-2007 - 20:19
Last modified 16-10-2018 - 12:40