CVE-2007-1858 — Apache Tomcat vulnerability

7 documents5 sources

Severity

2.6LOWNVD

EPSS

5.1%

top 10.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Tomcat

Timeline

PublishedMay 10

Latest updateMay 1

Description

The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.

CVSS vector

AV:N/AC:H/C:P/I:N/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/tomcat43 versions+42

Patches

Patch: tomcat.apache.org ↗Patch: tomcat.apache.org ↗Patch: tomcat.apache.org ↗

🔴Vulnerability Details

GHSA

GHSA-cjg9-7x8h-6gw3: The default SSL cipher configuration in Apache Tomcat 4↗2022-05-01

▶

CVEList

CVE-2007-1858: The default SSL cipher configuration in Apache Tomcat 4↗2007-05-09

▶

📋Vendor Advisories

Red Hat

tomcat anonymous cipher issue↗2007-04-19

▶

💬Community

Bugzilla

CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195 CVE-2006-7196 CVE-2007-1858 CVE-2006-3835 CVE-2005-3510 CVE-2005-4838)↗2007-04-30

▶

Bugzilla

CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195 CVE-2006-7196 CVE-2007-1858 CVE-2006-3835)↗2007-04-19

▶

Bugzilla

CVE-2007-1858 tomcat anonymous cipher issue↗2007-04-19

▶