CVE-2007-1858

Loading...

General

Score:2.6/10.0
Severity:Low
Category:N/A
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:None
Availability:None

Exploitability Metrics

Access Vector:Network
Access Complexity:High
Authentication:None

Relative vulnerabilities

CVE-2005-2090, CVE-2006-3835, CVE-2006-7195, CVE-2006-7196, CVE-2007-0450, CVE-2007-2449, CVE-2007-2450, CVE-2007-3385, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232, CVE-2008-1678, CVE-2008-2370, CVE-2008-2938, CVE-2008-5515, CVE-2009-3555, CVE-2010-2227, CVE-2011-0286

Published on 10/05/07 - Updated on 25/03/19

Description

The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.

Category: N/A

NVD-CWE-Other (Other)
NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.

Security Notices

US National Vulnerability DatabaseCVE-2007-1858
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2009-AVI-032, CERTA-2011-AVI-221, CERTA-2014-AVI-022
Renater 2007/VULN255, 2010/VULN248, 2011/VULN335

Exploits

SecurityFocusBID-28482, BID-64758

Relative technologies

VendorProduct
apachetomcat

Share this vulnerability with:

Twitter Facebook LinkedIn Mail