CVE-2007-1858

Apache Tomcat <4.1.31, <5.0.30, <5.5.17 - Info Disclosure

Title source: llm

Description

The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.

Exploits (1)

nomisec SCANNER 5 stars

by anthophilee · poc

https://github.com/anthophilee/A2SV--SSL-VUL-Scan

View Code ZIP pw:eip

References (22)

Core 22

Core References

Patch x_refsource_confirm

http://tomcat.apache.org/security-4.html

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/500396/100/0/threaded

Vendor Advisory x_refsource_confirm

http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/34212

Patch x_refsource_confirm

http://tomcat.apache.org/security-5.html

Various Sources x_refsource_confirm

http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/500412/100/0/threaded

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/33668

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/28482

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/29392

Mailing List vendor-advisory x_refsource_hp

http://marc.info/?l=bugtraq&m=133114899904925&w=2

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/1729

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/44183

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/0233

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/34882

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/64758

Various Sources x_refsource_confirm

http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

Scores

EPSS 0.0509

EPSS Percentile 89.8%

Details

Status published

Products (43)

apache/tomcat 4.1.28

apache/tomcat 4.1.31

apache/tomcat 5.0.0

apache/tomcat 5.0.1

apache/tomcat 5.0.2

apache/tomcat 5.0.10

apache/tomcat 5.0.11

apache/tomcat 5.0.12

apache/tomcat 5.0.13

apache/tomcat 5.0.14

... and 33 more

Published May 10, 2007

Tracked Since Feb 18, 2026