Bug#423435: CVE-2007-1858: insecure default SSL cipher configuration in Apache Tomcat

Stefan Fritsch sf at sfritsch.de
Fri May 11 20:01:33 UTC 2007


Package: tomcat5
Version: 5.0.30-12
Severity: normal
Tags: security

A vulnerability has been found in Tomcat:

CVE-2007-1858:
"The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31,
5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers,
including the anonymous cipher, which allows remote attackers to obtain
sensitive information or have other, unspecified impacts."

Please mention the CVE id in the changelog.


This also affects tomcat4 in sarge but I doubt a DSA is needed.
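
An added example, not part of the bug report or of Tomcat's own code: a check of a Tomcat `server.xml` for HTTPS connectors that either omit the `ciphers` attribute, so the default suite list described in the CVE text applies, or explicitly list anonymous suites. The sample XML is constructed, treating `scheme="https"` as the marker of an SSL connector is an assumption, and flagging NULL and EXPORT suites goes beyond the anonymous cipher the CVE text names.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not taken from the bug report).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" />
    <Connector port="8443" scheme="https" secure="true" sslProtocol="TLS" />
    <Connector port="8444" scheme="https" secure="true" sslProtocol="TLS"
               ciphers="SSL_RSA_WITH_RC4_128_SHA, SSL_DH_anon_WITH_RC4_128_MD5" />
    <Connector port="8445" scheme="https" secure="true" sslProtocol="TLS"
               ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA" />
  </Service>
</Server>"""

# Substrings of JSSE suite names marking unauthenticated (anon), unencrypted
# (NULL) or export-grade suites. Only "anon" is named in the CVE text; the
# other two markers are an assumption added for this example.
WEAK_MARKERS = ("_anon_", "_null_", "_export_")


def audit_connectors(server_xml):
    """Return {port: [findings]} for every HTTPS connector with a finding."""
    findings = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        # Assumption: a connector with scheme="https" is the SSL connector.
        if conn.get("scheme", "").lower() != "https":
            continue
        port = conn.get("port", "?")
        ciphers = conn.get("ciphers")
        if ciphers is None or not ciphers.strip():
            # No explicit list: the connector falls back to the default suites.
            findings[port] = ["no ciphers attribute: default suite list applies"]
            continue
        weak = [c.strip() for c in ciphers.split(",")
                if any(m in c.lower() for m in WEAK_MARKERS)]
        if weak:
            findings[port] = ["weak suite listed: " + s for s in weak]
    return findings


if __name__ == "__main__":
    for port, issues in audit_connectors(SAMPLE_SERVER_XML).items():
        for issue in issues:
            print(f"Connector port {port}: {issue}")
```
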




More information about the pkg-java-maintainers mailing list