{"vulnerability": "cve-2007-1858", "sightings": [{"uuid": "8af27373-99bf-456d-8398-3ee00ab7cfee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2007-1858", "type": "seen", "source": "https://t.me/information_security_channel/9760", "content": "A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.\n\nSSL Vulnerabilities Detected by A2SV\n[CVE-2007-1858] Anonymous Cipher\n[CVE-2012-4929] CRIME(SPDY)\n[CVE-2014-0160] CCS Injection\n[CVE-2014-0224] HeartBleed\n[CVE-2014-3566] SSLv3 POODLE\n[CVE-2015-0204] FREAK Attack\n[CVE-2015-4000] LOGJAM Attack\n[CVE-2016-0800] SSLv2 DROWN\nPlanned for future:\n[PLAN] SSL ACCF\n[PLAN] SSL Information Analysis\nInstallation & Requirements for A2SV\nA.\nRead the rest of A2SV \u2013 Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed now! Only available at Darknet. (https://www.darknet.org.uk/2017/10/a2sv-auto-scanning-ssl-vulnerability-tool-poodle-heartbleed/)", "creation_timestamp": "2017-10-09T18:29:26.000000Z"}, {"uuid": "0051e750-eb89-4e5e-b001-2f17338a88fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2007-1858", "type": "seen", "source": "https://t.me/arpsyndicate/658", "content": "#ExploitObserverAlert\n\nCVE-2007-1858\n\nDESCRIPTION: Exploit Observer has 43 entries related to CVE-2007-1858. The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.\n\nFIRST-EPSS: 0.004720000\nNVD-IS: 2.9\nNVD-ES: 4.9", "creation_timestamp": "2023-11-28T14:51:08.000000Z"}, {"uuid": "cedab428-0ed9-4eef-930a-de19aa48c0ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2007-1858", "type": "seen", "source": "https://t.me/information_security_channel/10087", "content": "Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations, and misconfigurations.\n\nIt is built on Python 2.7 and can run on any platform which has a Python environment.\nFeatures of Spaghetti Web Application Security Scanner\nFingerprints\nServer\nWeb Frameworks (CakePHP, CherryPy,\u2026)\nWeb Application Firewall (Waf)\nContent Management System (CMS)\nOperating System (Linux, Unix,..)\nLanguage (PHP, Ruby,\u2026)\nCookie Security\n\nBruteforce\nAdmin Interface\nCommon Backdoors\nCommon Backup Directory\nCommon Backup File\nCommon Directory\nCommon File\nLog File\n\nDisclosure\nEmails\nPrivate IP\nCredit Cards\n\nAttacks\nHTML Injection\nSQL Injection\nLDAP Injection\nXPath Injection\nCross Site Scripting (XSS)\nRemote File Inclusion (RFI)\nPHP Code Injection\n\nOther\nHTTP Allow Methods\nHTML Object\nMultiple Index\nRobots Paths\nWeb Dav\nCross Site Tracing (XST)\nPHPINFO\n.Listing\n\nVulns\nShellShock\nAnonymous Cipher (CVE-2007-1858)\nCrime (SPDY) (CVE-2012-4929)\nStruts-Shock\n\nUsing Spaghetti Web Application Security Scanner\nroot@darknet:~/Spaghetti# python spaghetti.py\n\n  _____             _       _   _   _\n\n |   __|___ ___ ___| |_ ___| |_| |_|_|\n\n |__   | .\nRead the rest of Spaghetti Download \u2013 Web Application Security Scanner now! Only available at Darknet. (https://www.darknet.org.uk/2017/10/spaghetti-download-web-application-security-scanner/)", "creation_timestamp": "2017-10-17T20:54:29.000000Z"}]}