CVE-2007-1858

Published: 10/05/2007 Updated: 13/02/2023
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 235
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Vulnerability Summary

The default SSL cipher configuration in Apache Tomcat 4.1.28 up to and including 4.1.31, 5.0.0 up to and including 5.0.30, and 5.5.0 up to and including 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote malicious users to obtain sensitive information or have other, unspecified impacts.

Vulnerable Product

apache tomcat 5.0.19

apache tomcat 5.5.12

apache tomcat 5.0.14

apache tomcat 5.5.14

apache tomcat 5.5.10

apache tomcat 5.0.22

apache tomcat 5.5.4

apache tomcat 5.5.7

apache tomcat 5.5.1

apache tomcat 5.5.11

apache tomcat 5.5.6

apache tomcat 5.0.15

apache tomcat 5.0.30

apache tomcat 5.5.15

apache tomcat 5.0.23

apache tomcat 5.0.2

apache tomcat 5.5.5

apache tomcat 5.0.10

apache tomcat 5.0.21

apache tomcat 5.0.26

apache tomcat 5.0.0

apache tomcat 4.1.31

apache tomcat 5.5.3

apache tomcat 5.0.27

apache tomcat 5.0.16

apache tomcat 5.5.9

apache tomcat 5.0.18

apache tomcat 5.5.2

apache tomcat 5.0.28

apache tomcat 5.0.29

apache tomcat 5.5.0

apache tomcat 5.5.13

apache tomcat 4.1.28

apache tomcat 5.0.13

apache tomcat 5.5.8

apache tomcat 5.0.17

apache tomcat 5.5.16

apache tomcat 5.5.17

apache tomcat 5.0.25

apache tomcat 5.0.1

apache tomcat 5.0.11

apache tomcat 5.0.24

apache tomcat 5.0.12

Github Repositories

tag - Web Application Security Scanner. tag is an open-source web application scanner designed to find various default and insecure files, configurations, and misconfigurations. tag is built on Python 2.7 and can run on any platform which has a Python environment. Installation: $ git clone github.com/tag888/tag.git $ cd tag $ pip install -r requirements.txt $ p

FrameworkProjes

Sitadel - Web Application Security Scanner. Sitadel is basically an update for WAScan making it compatible for Python >= 3.4. It allows more flexibility for you to write new modules and implement new features: frontend framework detection, Content Delivery Network detection, define risk level to allow for scans, plugin system, Docker image available to build and run. Requ

ARC - Vulnerability Scanner. ARC Scanner is basically an update for WAScan making it compatible for Python >= 3.4. It allows more flexibili

Spaghetti - Web Application Security Scanner. Spaghetti is an open-source web application scanner designed to find various default and insecure files, configurations, and misconfigurations. Spaghetti is built on Python 2.7 and can run on any platform which has a Python environment. Installation: $ git clone github.com/m4ll0k/Spaghetti.git $ cd Spaghetti $ pip

Web Application Security Scanner. Fast and customizable vulnerability scanner based on simple Python. Frontend framework detection, Content Delivery Network detection, De

Web Application Security Scanner

Sitadel - Web Application Security Scanner

1. A2SV? Auto Scanning to SSL Vulnerability: HeartBleed, CCS Injection, SSLv3 POODLE, FREAK, etc. A. Support Vulnerability: [CVE-2007-1858] Anonymous Cipher, [CVE-2012-4929] CRIME(SPDY), [CVE-2014-0160] CCS Injection, [CVE-2014-0224] HeartBleed, [CVE-2014-3566] SSLv3 POODLE, [CVE-2015-0204] FREAK Attack, [CVE-2015-4000] LOGJAM Attack, [CVE-2016-0800] SSLv2 DROWN. B. Dev Plan -

Automatic scanning for SSL vulnerabilities: HeartBleed, CCS Injection, SSLv3 POODLE, FREAK

Auto Scanning to SSL Vulnerability

1. A2SV? Auto Scanning to SSL Vulnerability: HeartBleed, CCS Injection, SSLv3 POODLE, FREAK, etc. A. Support Vulnerability: [CVE-2007-1858] Anonymous Cipher, [CVE-2012-4929] CRIME(SPDY), [CVE-2014-0160] CCS Injection, [CVE-2014-0224] HeartBleed, [CVE-2014-3566] SSLv3 POODLE, [CVE-2015-0204] FREAK Attack, [CVE-2015-4000] LOGJAM Attack, [CVE-2016-0800] SSLv2 DROWN. B. Dev Plan [PLAN

A2SV = Auto Scanning to SSL Vulnerability HeartBleed, CCS Injection, SSLv3 POODLE, FREAK... etc Support Vulnerability [CVE-2007-1858] Anonymous Cipher [CVE-2012-4929] CRIME(SPDY) [CVE-2014-0160] CCS Injection [CVE-2014-0224] HeartBleed [CVE-2014-3566] SSLv3 POODLE [CVE-2015-0204] FREAK Attack [CVE-2015-4000] LOGJAM Attack [CVE-2016-0800] SSLv2 D…

A2SV--SSL-VUL-Scan A2SV = Auto Scanning to SSL Vulnerability HeartBleed, CCS Injection, SSLv3 POODLE, FREAK etc Support Vulnerability [CVE-2007-1858] Anonymous Cipher [CVE-2012-4929] CRIME(SPDY) [CVE-2014-0160] CCS Injection [CVE-2014-0224] HeartBleed [CVE-2014-3566] SSLv3 POODLE [CVE-2015-0204] FREAK Attack [CVE-2015-4000] LOGJAM Attack [CVE-2016-0800] SSLv2 DROWN Installat

References

NVD-CWE-Other
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
http://www.securityfocus.com/bid/28482
http://secunia.com/advisories/29392
http://osvdb.org/34882
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
http://secunia.com/advisories/33668
http://www.vupen.com/english/advisories/2009/0233
http://www.vupen.com/english/advisories/2007/1729
http://secunia.com/advisories/44183
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
http://www.securityfocus.com/bid/64758
http://marc.info/?l=bugtraq&m=133114899904925&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/34212
http://www.securityfocus.com/archive/1/500412/100/0/threaded
http://www.securityfocus.com/archive/1/500396/100/0/threaded
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://github.com/tag888/tag123
https://github.com/emarexteam/Projes
https://nvd.nist.gov
https://www.securityfocus.com/bid/28482
http://tools.cisco.com/security/center/viewAlert.x?alertId=32440