CVE-2007-1858
published 2007-05-10CVE-2007-1858: The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers…
PriorityP419low2.6CVSS 2.0
AVNACHAuNCPINAN
EPSS
18.25%
96.9th percentile
The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
Affected
43 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
CVSS provenance
nvdv2.02.6LOWAV:N/AC:H/Au:N/C:P/I:N/A:N
vendor_redhat2.6LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
tomcat anonymous cipher issue
vendor_redhat·2007-04-19·CVSS 2.6
CVE-2007-1858 [LOW] tomcat anonymous cipher issue
tomcat anonymous cipher issue
The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
GHSA
GHSA-cjg9-7x8h-6gw3: The default SSL cipher configuration in Apache Tomcat 4
ghsa_unreviewed·2022-05-01
CVE-2007-1858 [LOW] GHSA-cjg9-7x8h-6gw3: The default SSL cipher configuration in Apache Tomcat 4
The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195 CVE-2006-7196 CVE-2007-1858 CVE-2006-3835 CVE-2005-3510 CVE-2005-4838)
bugzilla·2007-04-30·CVSS 4.3
CVE-2005-2090 [MEDIUM] CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195 CVE-2006-7196 CVE-2007-1858 CVE-2006-3835 CVE-2005-3510 CVE-2005-4838)
CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195 CVE-2006-7196 CVE-2007-1858 CVE-2006-3835 CVE-2005-3510 CVE-2005-4838)
A number of flaws affect the version of Tomcat5 shipped with RHAPS-EL3 (last
updated in RHSA-2006:0592 to 5.0.28). Please see linked bugs for details.
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2007-0340.html
Bugzilla
CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195 CVE-2006-7196 CVE-2007-1858 CVE-2006-3835)
bugzilla·2007-04-19·CVSS 4.3
CVE-2005-2090 [MEDIUM] CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195 CVE-2006-7196 CVE-2007-1858 CVE-2006-3835)
CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195 CVE-2006-7196 CVE-2007-1858 CVE-2006-3835)
A number of flaws affect the version of Tomcat5 shipped with RHAPS2 (last
updated in RHSA-2006:0161 to 5.5.12). Please see linked bugs for details.
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2007-0326.html
Bugzilla
CVE-2007-1858 tomcat anonymous cipher issue
bugzilla·2007-04-19·CVSS 2.6
CVE-2007-1858 [LOW] CVE-2007-1858 tomcat anonymous cipher issue
CVE-2007-1858 tomcat anonymous cipher issue
According to http://tomcat.apache.org/security-5.html
Fixed in Apache Tomcat 5.5.17
Information disclosure CVE-2007-1858
The default SSL configuration permitted the use of insecure cipher suites
including the anonymous cipher suite. The default configuration no longer
permits the use of insecure cipher suites.
Affects: 5.0.0-5.0.HEAD, 5.5.0-5.5.17
Discussion:
advisory text: "The default Tomcat configuration permitted the use of insecure
SSL cipher suites including the anonymous cipher suite. (CVE-2007-1858)"
---
Please see https://access.redhat.com/security/cve/CVE-2007-1858 for a list of other products that contain this fix.
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspxhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.htmlhttp://marc.info/?l=bugtraq&m=133114899904925&w=2http://osvdb.org/34882http://secunia.com/advisories/29392http://secunia.com/advisories/33668http://secunia.com/advisories/44183http://support.avaya.com/elmodocs2/security/ASA-2007-206.htmhttp://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540http://tomcat.apache.org/security-4.htmlhttp://tomcat.apache.org/security-5.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlhttp://www.securityfocus.com/archive/1/500396/100/0/threadedhttp://www.securityfocus.com/archive/1/500412/100/0/threadedhttp://www.securityfocus.com/bid/28482http://www.securityfocus.com/bid/64758http://www.vupen.com/english/advisories/2007/1729http://www.vupen.com/english/advisories/2009/0233https://exchange.xforce.ibmcloud.com/vulnerabilities/34212https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3Ehttp://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspxhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.htmlhttp://marc.info/?l=bugtraq&m=133114899904925&w=2http://osvdb.org/34882http://secunia.com/advisories/29392http://secunia.com/advisories/33668http://secunia.com/advisories/44183http://support.avaya.com/elmodocs2/security/ASA-2007-206.htmhttp://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540http://tomcat.apache.org/security-4.htmlhttp://tomcat.apache.org/security-5.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlhttp://www.securityfocus.com/archive/1/500396/100/0/threadedhttp://www.securityfocus.com/archive/1/500412/100/0/threadedhttp://www.securityfocus.com/bid/28482http://www.securityfocus.com/bid/64758http://www.vupen.com/english/advisories/2007/1729http://www.vupen.com/english/advisories/2009/0233https://exchange.xforce.ibmcloud.com/vulnerabilities/34212https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
2007-05-10
Published