The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
osvdb.org/34882
secunia.com/advisories/29392
secunia.com/advisories/33668
secunia.com/advisories/44183
support.avaya.com/elmodocs2/security/ASA-2007-206.htm
support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
tomcat.apache.org/security-4.html
tomcat.apache.org/security-5.html
www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
www.securityfocus.com/archive/1/500396/100/0/threaded
www.securityfocus.com/archive/1/500412/100/0/threaded
www.securityfocus.com/bid/28482
www.securityfocus.com/bid/64758
www.vupen.com/english/advisories/2007/1729
www.vupen.com/english/advisories/2009/0233
exchange.xforce.ibmcloud.com/vulnerabilities/34212
lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
marc.info/?l=bugtraq&m=133114899904925&w=2