CVE-2007-1858 Information

Description

The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other unspecified impacts.

Reference

http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
http://marc.info/?l=bugtraq&m=133114899904925&w=2
http://osvdb.org/34882
http://secunia.com/advisories/29392
http://secunia.com/advisories/33668
http://secunia.com/advisories/44183
http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
http://www.securityfocus.com/archive/1/500396/100/0/threaded
http://www.securityfocus.com/archive/1/500412/100/0/threaded
http://www.securityfocus.com/bid/28482
http://www.securityfocus.com/bid/64758
http://www.vupen.com/english/advisories/2007/1729
http://www.vupen.com/english/advisories/2009/0233
https://exchange.xforce.ibmcloud.com/vulnerabilities/34212
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@3Cdev.tomcat.apache.org3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@3Cdev.tomcat.apache.org3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@3Cdev.tomcat.apache.org3E
