ID CVE-2007-1858
Summary The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.18:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.0.18:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.21:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.22:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.0.22:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.23:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.0.23:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.24:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.0.24:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.25:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.0.25:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.26:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.0.26:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.27:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.0.27:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.28:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.0.28:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.29:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.0.29:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.0.30:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.0.30:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 25-03-2019 - 11:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:N/A:N
refmap via4
bid
  • 28482
  • 64758
bugtraq
  • 20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
  • 20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)
confirm
hp
  • HPSBMU02744
  • SSRT100776
mlist
  • [tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
osvdb 34882
secunia
  • 29392
  • 33668
  • 44183
suse SUSE-SR:2008:007
vupen
  • ADV-2007-1729
  • ADV-2009-0233
xf tomcat-ssl-security-bypass(34212)
Last major update 25-03-2019 - 11:29
Published 10-05-2007 - 00:19
Back to Top