Test ID:	1.3.6.1.4.1.25623.1.0.108147
Category:	SSL and TLS
Title:	SSL/TLS: Report 'Anonymous' Cipher Suites
Summary:	This routine reports all 'Anonymous' SSL/TLS cipher suites; accepted by a service.
Description:	Summary: This routine reports all 'Anonymous' SSL/TLS cipher suites accepted by a service. Vulnerability Insight: Services supporting 'Anonymous' cipher suites could allow a client to negotiate an SSL/TLS connection to the host without any authentication of the remote endpoint. Vulnerability Impact: This could allow remote attackers to obtain sensitive information or have other, unspecified impacts. Affected Software/OS: All services providing an encrypted communication using 'Anonymous' SSL/TLS cipher suites. Solution: The configuration of this services should be changed so that it does not accept the listed 'Anonymous' cipher suites anymore. Please see the references for more resources supporting you in this task. CVSS Score: 5.4 CVSS Vector: AV:A/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1858 20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities http://www.securityfocus.com/archive/1/500396/100/0/threaded 20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1) http://www.securityfocus.com/archive/1/500412/100/0/threaded 28482 http://www.securityfocus.com/bid/28482 29392 http://secunia.com/advisories/29392 33668 http://secunia.com/advisories/33668 34882 http://osvdb.org/34882 44183 http://secunia.com/advisories/44183 64758 http://www.securityfocus.com/bid/64758 ADV-2007-1729 http://www.vupen.com/english/advisories/2007/1729 ADV-2009-0233 http://www.vupen.com/english/advisories/2009/0233 HPSBMU02744 http://marc.info/?l=bugtraq&m=133114899904925&w=2 SSRT100776 SUSE-SR:2008:007 http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html [tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540 http://tomcat.apache.org/security-4.html http://tomcat.apache.org/security-5.html http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html tomcat-ssl-security-bypass(34212) https://exchange.xforce.ibmcloud.com/vulnerabilities/34212 Common Vulnerability Exposure (CVE) ID: CVE-2014-0351 BugTraq ID: 69754 http://www.securityfocus.com/bid/69754 CERT/CC vulnerability note: VU#730964 http://www.kb.cert.org/vuls/id/730964 XForce ISS Database: fortios-cve20140351-mitm(96119) https://exchange.xforce.ibmcloud.com/vulnerabilities/96119
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.