CVE-2007-1858

Apache Tomcat <4.1.31, <5.0.30, <5.5.17 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1858. PoCs published by anthophilee.

AI-analyzed exploit summary This repository contains a Python-based scanner tool (A2SV) designed to detect multiple SSL/TLS vulnerabilities, including CVE-2015-0204 (FREAK Attack). It automates the scanning process for various CVEs by leveraging Python scripts and dependencies.

Description

The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.

Exploits (1)

nomisec SCANNER 5 stars
by anthophilee · poc
https://github.com/anthophilee/A2SV--SSL-VUL-Scan

This repository contains a Python-based scanner tool (A2SV) designed to detect multiple SSL/TLS vulnerabilities, including CVE-2015-0204 (FREAK Attack). It automates the scanning process for various CVEs by leveraging Python scripts and dependencies.

Classification
Scanner 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: SSL/TLS implementations (various versions)
No auth needed
Prerequisites: Python 2.x · pip2 · git · network access to target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (22)

Core 22
Core References
Patch x_refsource_confirm
http://tomcat.apache.org/security-4.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/500396/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34212
Patch x_refsource_confirm
http://tomcat.apache.org/security-5.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/500412/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33668
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28482
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29392
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=133114899904925&w=2
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1729
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44183
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0233
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/34882
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/64758

Scores

EPSS 0.1825
EPSS Percentile 96.8%

Details

Status published
Products (43)
apache/tomcat 4.1.28
apache/tomcat 4.1.31
apache/tomcat 5.0.0
apache/tomcat 5.0.1
apache/tomcat 5.0.2
apache/tomcat 5.0.10
apache/tomcat 5.0.11
apache/tomcat 5.0.12
apache/tomcat 5.0.13
apache/tomcat 5.0.14
... and 33 more
Published May 10, 2007
Tracked Since Feb 18, 2026