ID de Prueba:	1.3.6.1.4.1.25623.1.0.108147
Categoría:	SSL and TLS
Título:	SSL/TLS: Report 'Anonymous' Cipher Suites
Resumen:	This routine reports all 'Anonymous' SSL/TLS cipher suites; accepted by a service.
Descripción:	Summary: This routine reports all 'Anonymous' SSL/TLS cipher suites accepted by a service. Vulnerability Insight: Services supporting 'Anonymous' cipher suites could allow a client to negotiate an SSL/TLS connection to the host without any authentication of the remote endpoint. Vulnerability Impact: This could allow remote attackers to obtain sensitive information or have other, unspecified impacts. Affected Software/OS: All services providing an encrypted communication using 'Anonymous' SSL/TLS cipher suites. Solution: The configuration of this services should be changed so that it does not accept the listed 'Anonymous' cipher suites anymore. Please see the references for more resources supporting you in this task. CVSS Score: 5.4 CVSS Vector: AV:A/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1858 20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities http://www.securityfocus.com/archive/1/500396/100/0/threaded 20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1) http://www.securityfocus.com/archive/1/500412/100/0/threaded 28482 http://www.securityfocus.com/bid/28482 29392 http://secunia.com/advisories/29392 33668 http://secunia.com/advisories/33668 34882 http://osvdb.org/34882 44183 http://secunia.com/advisories/44183 64758 http://www.securityfocus.com/bid/64758 ADV-2007-1729 http://www.vupen.com/english/advisories/2007/1729 ADV-2009-0233 http://www.vupen.com/english/advisories/2009/0233 HPSBMU02744 http://marc.info/?l=bugtraq&m=133114899904925&w=2 SSRT100776 SUSE-SR:2008:007 http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html [tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540 http://tomcat.apache.org/security-4.html http://tomcat.apache.org/security-5.html http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html tomcat-ssl-security-bypass(34212) https://exchange.xforce.ibmcloud.com/vulnerabilities/34212 Common Vulnerability Exposure (CVE) ID: CVE-2014-0351 BugTraq ID: 69754 http://www.securityfocus.com/bid/69754 CERT/CC vulnerability note: VU#730964 http://www.kb.cert.org/vuls/id/730964 XForce ISS Database: fortios-cve20140351-mitm(96119) https://exchange.xforce.ibmcloud.com/vulnerabilities/96119
Copyright	Copyright (C) 2017 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.