Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.108147
Category:SSL and TLS
Title:SSL/TLS: Report 'Anonymous' Cipher Suites
Summary:This routine reports all 'Anonymous' SSL/TLS cipher suites accepted by a service.
Description:Summary:
This routine reports all 'Anonymous' SSL/TLS cipher suites accepted by a service.

Vulnerability Insight:
Services supporting 'Anonymous' cipher suites could allow a client to negotiate a
SSL/TLS connection to the host without any authentication of the remote endpoint.

Vulnerability Impact:
This could allow remote attackers to obtain sensitive information
or have other, unspecified impacts.

Solution:
The configuration of this services should be changed so
that it does not accept the listed 'Anonymous' cipher suites anymore.

Please see the references for more resources supporting you in this task.

CVSS Score:
5.4

CVSS Vector:
AV:A/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: BugTraq ID: 28482
BugTraq ID: 69754
Common Vulnerability Exposure (CVE) ID: CVE-2007-1858
http://www.securityfocus.com/bid/28482
BugTraq ID: 64758
http://www.securityfocus.com/bid/64758
Bugtraq: 20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/500396/100/0/threaded
Bugtraq: 20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1) (Google Search)
http://www.securityfocus.com/archive/1/500412/100/0/threaded
HPdes Security Advisory: HPSBMU02744
http://marc.info/?l=bugtraq&m=133114899904925&w=2
HPdes Security Advisory: SSRT100776
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
http://osvdb.org/34882
http://secunia.com/advisories/29392
http://secunia.com/advisories/33668
http://secunia.com/advisories/44183
SuSE Security Announcement: SUSE-SR:2008:007 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
http://www.vupen.com/english/advisories/2007/1729
http://www.vupen.com/english/advisories/2009/0233
XForce ISS Database: tomcat-ssl-security-bypass(34212)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34212
Common Vulnerability Exposure (CVE) ID: CVE-2014-0351
http://www.securityfocus.com/bid/69754
CERT/CC vulnerability note: VU#730964
http://www.kb.cert.org/vuls/id/730964
XForce ISS Database: fortios-cve20140351-mitm(96119)
https://exchange.xforce.ibmcloud.com/vulnerabilities/96119
CopyrightCopyright (C) 2017 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.