2.6

CVE-2007-1858

EPSS 7.45%
Veröffentlicht 10.05.2007 00:19:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 25

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Tomcat Version4.1.28

Apache ≫ Tomcat Version4.1.31

Apache ≫ Tomcat Version5.0.0

Apache ≫ Tomcat Version5.0.1

Apache ≫ Tomcat Version5.0.2

Apache ≫ Tomcat Version5.0.10

Apache ≫ Tomcat Version5.0.11

Apache ≫ Tomcat Version5.0.12

Apache ≫ Tomcat Version5.0.13

Apache ≫ Tomcat Version5.0.14

Apache ≫ Tomcat Version5.0.15

Apache ≫ Tomcat Version5.0.16

Apache ≫ Tomcat Version5.0.17

Apache ≫ Tomcat Version5.0.18

Apache ≫ Tomcat Version5.0.19

Apache ≫ Tomcat Version5.0.21

Apache ≫ Tomcat Version5.0.22

Apache ≫ Tomcat Version5.0.23

Apache ≫ Tomcat Version5.0.24

Apache ≫ Tomcat Version5.0.25

Apache ≫ Tomcat Version5.0.26

Apache ≫ Tomcat Version5.0.27

Apache ≫ Tomcat Version5.0.28

Apache ≫ Tomcat Version5.0.29

Apache ≫ Tomcat Version5.0.30

Apache ≫ Tomcat Version5.5.0

Apache ≫ Tomcat Version5.5.1

Apache ≫ Tomcat Version5.5.2

Apache ≫ Tomcat Version5.5.3

Apache ≫ Tomcat Version5.5.4

Apache ≫ Tomcat Version5.5.5

Apache ≫ Tomcat Version5.5.6

Apache ≫ Tomcat Version5.5.7

Apache ≫ Tomcat Version5.5.8

Apache ≫ Tomcat Version5.5.9

Apache ≫ Tomcat Version5.5.10

Apache ≫ Tomcat Version5.5.11

Apache ≫ Tomcat Version5.5.12

Apache ≫ Tomcat Version5.5.13

Apache ≫ Tomcat Version5.5.14

Apache ≫ Tomcat Version5.5.15

Apache ≫ Tomcat Version5.5.16

Apache ≫ Tomcat Version5.5.17

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	7.45%	0.914

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:P/I:N/A:N

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

http://tomcat.apache.org/security-4.html

Patch

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

http://www.securityfocus.com/bid/64758

http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

http://secunia.com/advisories/33668

http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm

http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

http://tomcat.apache.org/security-5.html

Patch

http://www.securityfocus.com/archive/1/500396/100/0/threaded

http://www.securityfocus.com/archive/1/500412/100/0/threaded

http://www.vupen.com/english/advisories/2009/0233

http://www.vupen.com/english/advisories/2007/1729

http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html

http://marc.info/?l=bugtraq&m=133114899904925&w=2

http://osvdb.org/34882

http://secunia.com/advisories/29392

http://secunia.com/advisories/44183

http://www.securityfocus.com/bid/28482

https://exchange.xforce.ibmcloud.com/vulnerabilities/34212

https://nvd.nist.gov/vuln/detail/CVE-2007-1858

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-1858

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-1858

EUVD