漏洞信息详情
Apache Tomcat SSL Anonymous Cipher 配置信息泄露漏洞
- CNNVD编号:CNNVD-200705-149
- 危害等级: 高危
- CVE编号: CVE-2007-1858
- 漏洞类型: 其他
- 发布时间: 2007-05-09
- 威胁类型: 远程
- 更新时间: 2019-04-03
- 厂 商: apache
- 漏洞来源: The vendor reporte...
漏洞简介
Apache Tomcat 中的默认的SSL密码配置使用特定的不安全的密码,包括匿名密码,这使得远程攻击者可以获得敏感信息或造成其他未明影响。
漏洞公告
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
http://archive.apache.org/dist/tomcat/tomcat-4/v4.1.32/bin/apache-tomcat-4.1.32.zip
http://archive.apache.org/dist/tomcat/tomcat-5/v5.5.20/bin/apache-tomcat-5.5.20.zip
http://archive.apache.org/dist/tomcat/tomcat-5/v5.0.30/bin/jakarta-tomcat-5.0.30.zip
参考网址
来源:VUPEN
链接:http://www.vupen.com/english/advisories/2009/0233
来源:CONFIRM
链接:http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.HTML
来源:HP
链接:http://marc.info/?l=bugtraq&m=133114899904925&w=2
来源:CONFIRM
链接:http://tomcat.apache.org/security-5.HTML
来源:CONFIRM
链接:http://tomcat.apache.org/security-4.HTML
来源:BID
链接:http://www.securityfocus.com/bid/28482
来源:MLIST
链接:https://lists.apache.org/thread.HTML/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
来源:SECUNIA
链接:http://secunia.com/advisories/29392
来源:BUGTRAQ
链接:http://www.securityfocus.com/archive/1/500412/100/0/threaded
来源:XF
链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/34212
来源:SECUNIA
链接:http://secunia.com/advisories/33668
来源:CONFIRM
链接:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.HTML
来源:CONFIRM
链接:http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
来源:CONFIRM
链接:http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
来源:SECUNIA
链接:http://secunia.com/advisories/44183
来源:OSVDB
链接:http://osvdb.org/34882
来源:BUGTRAQ
链接:http://www.securityfocus.com/archive/1/500396/100/0/threaded
来源:BID
链接:http://www.securityfocus.com/bid/64758
来源:VUPEN
链接:http://www.vupen.com/english/advisories/2007/1729
受影响实体
- Apache Tomcat:5.5.9
- Apache Tomcat:5.5.8
- Apache Tomcat:5.5.7
- Apache Tomcat:5.5.6
- Apache Tomcat:5.5.5
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论