CVE-2007-1858

Sažetak

The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.

Reference

http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
http://www.securityfocus.com/bid/28482
http://secunia.com/advisories/29392
http://osvdb.org/34882
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
http://secunia.com/advisories/33668
http://www.vupen.com/english/advisories/2009/0233
http://www.vupen.com/english/advisories/2007/1729
http://secunia.com/advisories/44183
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
http://www.securityfocus.com/bid/64758
http://marc.info/?l=bugtraq&m=133114899904925&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/34212
http://www.securityfocus.com/archive/1/500412/100/0/threaded
http://www.securityfocus.com/archive/1/500396/100/0/threaded
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

CVSS

Base:	2.6
Impact:	2.9
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:H/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

13-02-2023 - 02:17

Objavljeno

10-05-2007 - 00:19