Vulnerabilities > CVE-2007-1858 - Unspecified vulnerability in Apache Tomcat
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN apache
nessus
Summary
The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
Vulnerable Configurations
Nessus
NASL family Web Servers NASL id TOMCAT_4_1_32.NASL description According to its self-reported version number, the instance of Apache Tomcat 4.x listening on the remote host is prior to 4.1.32. It is, therefore, affected by the following vulnerabilities : - The remote Apache Tomcat install is vulnerable to a denial of service attack. If directory listing is enabled, function calls to retrieve the contents of large directories can degrade performance. (CVE-2005-3510) - The remote Apache Tomcat install may be vulnerable to a cross-site scripting attack if the JSP examples are enabled. Several of these JSP examples do not properly validate user input. (CVE-2005-4838) - The remote Apache Tomcat install allows remote users to list the contents of a directory by placing a semicolon before a filename with a mapped extension. (CVE-2006-3835) - If enabled, the JSP calendar example application is vulnerable to a cross-site scripting attack because user input is not properly validated. (CVE-2006-7196) - The remote Apache Tomcat install, in its default configuration, permits the use of insecure ciphers when using SSL. (CVE-2007-1858) - The remote Apache Tomcat install may be vulnerable to an information disclosure attack by allowing requests from a non-permitted IP address to gain access to a context that is protected with a valve that extends RequestFilterValve. (CVE-2008-3271) Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-03-18 modified 2010-06-16 plugin id 47029 published 2010-06-16 reporter This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47029 title Apache Tomcat 4.x < 4.1.32 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(47029); script_version("1.20"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/11"); script_cve_id( "CVE-2005-3510", "CVE-2005-4838", "CVE-2006-3835", "CVE-2006-7196", "CVE-2007-1858", "CVE-2008-3271" ); script_bugtraq_id(15325, 19106, 25531, 28482, 31698); script_xref(name:"Secunia", value:"13737"); script_xref(name:"Secunia", value:"17416"); script_xref(name:"Secunia", value:"32213"); script_name(english:"Apache Tomcat 4.x < 4.1.32 Multiple Vulnerabilities"); script_summary(english:"Checks the Apache Tomcat version."); script_set_attribute(attribute:"synopsis", value: "The remote Apache Tomcat server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its self-reported version number, the instance of Apache Tomcat 4.x listening on the remote host is prior to 4.1.32. It is, therefore, affected by the following vulnerabilities : - The remote Apache Tomcat install is vulnerable to a denial of service attack. If directory listing is enabled, function calls to retrieve the contents of large directories can degrade performance. (CVE-2005-3510) - The remote Apache Tomcat install may be vulnerable to a cross-site scripting attack if the JSP examples are enabled. Several of these JSP examples do not properly validate user input. (CVE-2005-4838) - The remote Apache Tomcat install allows remote users to list the contents of a directory by placing a semicolon before a filename with a mapped extension. (CVE-2006-3835) - If enabled, the JSP calendar example application is vulnerable to a cross-site scripting attack because user input is not properly validated. (CVE-2006-7196) - The remote Apache Tomcat install, in its default configuration, permits the use of insecure ciphers when using SSL. (CVE-2007-1858) - The remote Apache Tomcat install may be vulnerable to an information disclosure attack by allowing requests from a non-permitted IP address to gain access to a context that is protected with a valve that extends RequestFilterValve. (CVE-2008-3271) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"http://tomcat.apache.org/security-4.html#Fixed_in_Apache_Tomcat_4.1.32"); script_set_attribute(attribute:"see_also", value:"https://bz.apache.org/bugzilla/show_bug.cgi?id=25835"); script_set_attribute(attribute:"solution", value:"Upgrade to Apache Tomcat version 4.1.32 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2005-3510"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(79, 264); script_set_attribute(attribute:"vuln_publication_date", value:"2005/01/03"); script_set_attribute(attribute:"patch_publication_date", value:"2006/06/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/06/16"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:tomcat"); script_set_attribute(attribute:"agent", value:"all"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Web Servers"); script_copyright(english:"This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("tomcat_error_version.nasl", "tomcat_win_installed.nbin", "apache_tomcat_nix_installed.nbin"); script_require_keys("installed_sw/Apache Tomcat"); exit(0); } include("tomcat_version.inc"); tomcat_check_version(fixed:"4.1.32", min:"4.0.0", severity:SECURITY_WARNING, xss:TRUE, granularity_regex:"^4(\.1)?$");NASL family SuSE Local Security Checks NASL id SUSE_APACHE2-MOD_JK-5066.NASL description This update of tomcat improves the list of supported SSL ciphers (CVE-2007-1858). last seen 2020-06-01 modified 2020-06-02 plugin id 31673 published 2008-03-26 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31673 title openSUSE 10 Security Update : apache2-mod_jk (apache2-mod_jk-5066) NASL family SuSE Local Security Checks NASL id SUSE_TOMCAT5-5070.NASL description This update of tomcat fixes cross-site scripting bugs (CVE-2007-2449) as well as it improves the list of supported SSL ciphers. (CVE-2007-1858) last seen 2020-06-01 modified 2020-06-02 plugin id 31674 published 2008-03-26 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31674 title SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 5070) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-1069.NASL description Updated tomcat packages that fix multiple security issues are now available for Red Hat Network Satellite Server. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies. It was reported Tomcat did not properly handle the following character sequence in a cookie: \ last seen 2020-06-01 modified 2020-06-02 plugin id 43834 published 2010-01-10 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43834 title RHEL 3 / 4 : tomcat in Satellite Server (RHSA-2007:1069) NASL family SuSE Local Security Checks NASL id SUSE_TOMCAT5-5071.NASL description This update of tomcat fixes cross-site-scripting bugs (CVE-2007-2449) as well as it improves the list of supported SSL ciphers (CVE-2007-1858). last seen 2020-06-01 modified 2020-06-02 plugin id 31675 published 2008-03-26 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31675 title openSUSE 10 Security Update : tomcat5 (tomcat5-5071) NASL family Service detection NASL id SSL_ANON_CIPHERS.NASL description The remote host supports the use of anonymous SSL ciphers. While this enables an administrator to set up a service that encrypts traffic without having to generate and configure SSL certificates, it offers no way to verify the remote host last seen 2020-04-07 modified 2008-03-28 plugin id 31705 published 2008-03-28 reporter This script is Copyright (C) 2008-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31705 title SSL Anonymous Cipher Suites Supported NASL family SuSE Local Security Checks NASL id SUSE_TOMCAT55-5069.NASL description This update of tomcat fixes cross-site-scripting bugs (CVE-2007-2449) as well as it improves the list of supported SSL ciphers (CVE-2007-1858). last seen 2020-06-01 modified 2020-06-02 plugin id 31698 published 2008-03-28 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31698 title openSUSE 10 Security Update : tomcat55 (tomcat55-5069) NASL family SuSE Local Security Checks NASL id SUSE9_12116.NASL description This update of Tomcat fixes cross-site scripting bugs (CVE-2007-2449) as well as it improves the list of supported SSL ciphers. (CVE-2007-1858) last seen 2020-06-01 modified 2020-06-02 plugin id 41202 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41202 title SuSE9 Security Update : Tomcat (YOU Patch Number 12116)
Redhat
| rpms |
|
References
- http://tomcat.apache.org/security-4.html
- http://tomcat.apache.org/security-5.html
- http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
- http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
- http://www.securityfocus.com/bid/28482
- http://secunia.com/advisories/29392
- http://osvdb.org/34882
- http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
- http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
- http://secunia.com/advisories/33668
- http://www.vupen.com/english/advisories/2009/0233
- http://www.vupen.com/english/advisories/2007/1729
- http://secunia.com/advisories/44183
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- http://www.securityfocus.com/bid/64758
- http://marc.info/?l=bugtraq&m=133114899904925&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34212
- http://www.securityfocus.com/archive/1/500412/100/0/threaded
- http://www.securityfocus.com/archive/1/500396/100/0/threaded
- https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E