2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
5.9 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
70.2%
The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
marc.info/?l=bugtraq&m=133114899904925&w=2
osvdb.org/34882
secunia.com/advisories/29392
secunia.com/advisories/33668
secunia.com/advisories/44183
support.avaya.com/elmodocs2/security/ASA-2007-206.htm
support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
tomcat.apache.org/security-4.html
tomcat.apache.org/security-5.html
www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
www.securityfocus.com/archive/1/500396/100/0/threaded
www.securityfocus.com/archive/1/500412/100/0/threaded
www.securityfocus.com/bid/28482
www.securityfocus.com/bid/64758
www.vupen.com/english/advisories/2007/1729
www.vupen.com/english/advisories/2009/0233
exchange.xforce.ibmcloud.com/vulnerabilities/34212
lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E