CVE-2007-1858

The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.

Link	Resource
http://tomcat.apache.org/security-4.html	Patch
http://tomcat.apache.org/security-5.html	Patch
http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
http://www.securityfocus.com/bid/28482
http://secunia.com/advisories/29392
http://osvdb.org/34882
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
http://secunia.com/advisories/33668
http://www.vupen.com/english/advisories/2009/0233
http://www.vupen.com/english/advisories/2007/1729
http://secunia.com/advisories/44183
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
http://www.securityfocus.com/bid/64758
http://marc.info/?l=bugtraq&m=133114899904925&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/34212
http://www.securityfocus.com/archive/1/500412/100/0/threaded
http://www.securityfocus.com/archive/1/500396/100/0/threaded
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

Configuration 1

cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.0.14:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.0.22:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.0.15:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.0.30:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.0.23:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.0.2:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.0.10:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.0.21:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.0.26:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.0.27:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.0.16:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.0.18:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.0.28:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.0.29:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.0.13:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.0.17:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.0.25:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.0.1:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.0.11:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.0.24:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:5.0.12:*:*:*:*:*:*:*

---

Published : 2007-05-10 12:19

Updated : 2023-02-13 02:17

---

NVD link : CVE-2007-1858

Mitre link : CVE-2007-1858

No products.

NVD-CWE-Other