CVE-2007-1858

The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.

Published: May 10, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-1858
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.6
AV:N/AC:H/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
apache / tomcat	5.0.19	5.0.19.x
apache / tomcat	5.5.12	5.5.12.x
apache / tomcat	5.0.14	5.0.14.x
apache / tomcat	5.5.14	5.5.14.x
apache / tomcat	5.5.10	5.5.10.x
apache / tomcat	5.0.22	5.0.22.x
apache / tomcat	5.5.4	5.5.4.x
apache / tomcat	5.5.7	5.5.7.x
apache / tomcat	5.5.1	5.5.1.x
apache / tomcat	5.5.11	5.5.11.x
apache / tomcat	5.5.6	5.5.6.x
apache / tomcat	5.0.15	5.0.15.x
apache / tomcat	5.0.30	5.0.30.x
apache / tomcat	5.5.15	5.5.15.x
apache / tomcat	5.0.23	5.0.23.x
apache / tomcat	5.0.2	5.0.2.x
apache / tomcat	5.5.5	5.5.5.x
apache / tomcat	5.0.10	5.0.10.x
apache / tomcat	5.0.21	5.0.21.x
apache / tomcat	5.0.26	5.0.26.x
apache / tomcat	5.0.0	5.0.0.x
apache / tomcat	4.1.31	4.1.31.x
apache / tomcat	5.5.3	5.5.3.x
apache / tomcat	5.0.27	5.0.27.x
apache / tomcat	5.0.16	5.0.16.x
apache / tomcat	5.5.9	5.5.9.x
apache / tomcat	5.0.18	5.0.18.x
apache / tomcat	5.5.2	5.5.2.x
apache / tomcat	5.0.28	5.0.28.x
apache / tomcat	5.0.29	5.0.29.x
apache / tomcat	5.5.0	5.5.0.x
apache / tomcat	5.5.13	5.5.13.x
apache / tomcat	4.1.28	4.1.28.x
apache / tomcat	5.0.13	5.0.13.x
apache / tomcat	5.5.8	5.5.8.x
apache / tomcat	5.0.17	5.0.17.x
apache / tomcat	5.5.16	5.5.16.x
apache / tomcat	5.5.17	5.5.17.x
apache / tomcat	5.0.25	5.0.25.x
apache / tomcat	5.0.1	5.0.1.x
apache / tomcat	5.0.11	5.0.11.x
apache / tomcat	5.0.24	5.0.24.x
apache / tomcat	5.0.12	5.0.12.x

Vulnerability Database

289,599

CVE-2007-1858