The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
2007-05-10T00:19:00.000
2025-04-09T00:30:58.490
Deferred
CVSSv2: 2.6 (LOW)
AV:N/AC:H/Au:N/C:P/I:N/A:N
4.9
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | apache | tomcat | 4.1.28 | Yes |
| Application | apache | tomcat | 4.1.31 | Yes |
| Application | apache | tomcat | 5.0.0 | Yes |
| Application | apache | tomcat | 5.0.1 | Yes |
| Application | apache | tomcat | 5.0.2 | Yes |
| Application | apache | tomcat | 5.0.10 | Yes |
| Application | apache | tomcat | 5.0.11 | Yes |
| Application | apache | tomcat | 5.0.12 | Yes |
| Application | apache | tomcat | 5.0.13 | Yes |
| Application | apache | tomcat | 5.0.14 | Yes |
| Application | apache | tomcat | 5.0.15 | Yes |
| Application | apache | tomcat | 5.0.16 | Yes |
| Application | apache | tomcat | 5.0.17 | Yes |
| Application | apache | tomcat | 5.0.18 | Yes |
| Application | apache | tomcat | 5.0.19 | Yes |
| Application | apache | tomcat | 5.0.21 | Yes |
| Application | apache | tomcat | 5.0.22 | Yes |
| Application | apache | tomcat | 5.0.23 | Yes |
| Application | apache | tomcat | 5.0.24 | Yes |
| Application | apache | tomcat | 5.0.25 | Yes |
| Application | apache | tomcat | 5.0.26 | Yes |
| Application | apache | tomcat | 5.0.27 | Yes |
| Application | apache | tomcat | 5.0.28 | Yes |
| Application | apache | tomcat | 5.0.29 | Yes |
| Application | apache | tomcat | 5.0.30 | Yes |
| Application | apache | tomcat | 5.5.0 | Yes |
| Application | apache | tomcat | 5.5.1 | Yes |
| Application | apache | tomcat | 5.5.2 | Yes |
| Application | apache | tomcat | 5.5.3 | Yes |
| Application | apache | tomcat | 5.5.4 | Yes |
| Application | apache | tomcat | 5.5.5 | Yes |
| Application | apache | tomcat | 5.5.6 | Yes |
| Application | apache | tomcat | 5.5.7 | Yes |
| Application | apache | tomcat | 5.5.8 | Yes |
| Application | apache | tomcat | 5.5.9 | Yes |
| Application | apache | tomcat | 5.5.10 | Yes |
| Application | apache | tomcat | 5.5.11 | Yes |
| Application | apache | tomcat | 5.5.12 | Yes |
| Application | apache | tomcat | 5.5.13 | Yes |
| Application | apache | tomcat | 5.5.14 | Yes |
| Application | apache | tomcat | 5.5.15 | Yes |
| Application | apache | tomcat | 5.5.16 | Yes |
| Application | apache | tomcat | 5.5.17 | Yes |