Anfälligkeitssuche        Suche in 211766 CVE Beschreibungen
und 97459 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.108147
Kategorie:SSL and TLS
Titel:SSL/TLS: Report 'Anonymous' Cipher Suites
Zusammenfassung:This routine reports all 'Anonymous' SSL/TLS cipher suites accepted by a service.
Beschreibung:Summary:
This routine reports all 'Anonymous' SSL/TLS cipher suites accepted by a service.

Vulnerability Insight:
Services supporting 'Anonymous' cipher suites could allow a client to negotiate a
SSL/TLS connection to the host without any authentication of the remote endpoint.

Vulnerability Impact:
This could allow remote attackers to obtain sensitive information
or have other, unspecified impacts.

Solution:
The configuration of this services should be changed so
that it does not accept the listed 'Anonymous' cipher suites anymore.

Please see the references for more resources supporting you in this task.

CVSS Score:
5.4

CVSS Vector:
AV:A/AC:M/Au:N/C:P/I:P/A:P

Querverweis: BugTraq ID: 28482
BugTraq ID: 69754
Common Vulnerability Exposure (CVE) ID: CVE-2007-1858
http://www.securityfocus.com/bid/28482
BugTraq ID: 64758
http://www.securityfocus.com/bid/64758
Bugtraq: 20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/500396/100/0/threaded
Bugtraq: 20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1) (Google Search)
http://www.securityfocus.com/archive/1/500412/100/0/threaded
HPdes Security Advisory: HPSBMU02744
http://marc.info/?l=bugtraq&m=133114899904925&w=2
HPdes Security Advisory: SSRT100776
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
http://osvdb.org/34882
http://secunia.com/advisories/29392
http://secunia.com/advisories/33668
http://secunia.com/advisories/44183
SuSE Security Announcement: SUSE-SR:2008:007 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
http://www.vupen.com/english/advisories/2007/1729
http://www.vupen.com/english/advisories/2009/0233
XForce ISS Database: tomcat-ssl-security-bypass(34212)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34212
Common Vulnerability Exposure (CVE) ID: CVE-2014-0351
http://www.securityfocus.com/bid/69754
CERT/CC vulnerability note: VU#730964
http://www.kb.cert.org/vuls/id/730964
XForce ISS Database: fortios-cve20140351-mitm(96119)
https://exchange.xforce.ibmcloud.com/vulnerabilities/96119
CopyrightCopyright (C) 2017 Greenbone Networks GmbH

Dies ist nur einer von 97459 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2021 E-Soft Inc. Alle Rechte vorbehalten.