JVN Info.

Id
54029  
Name
JVNDB-2007-002721  
Title
Arbor Networks Peakflow SP におけるクロスサイトスクリプティングの脆弱性  
Summary
Arbor Networks Peakflow SP は、スコープアカウントが有効になっている際、クロスサイトスクリプティングの脆弱性が存在します。  
Nvdinfo
CVE-2007-5211  
Cvssv2
4.3  
Jvnurl
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-002721.html  
Published Date
2007-10-04  
Registered Date
2012-06-26  
Last Updated Date
2012-06-26  

Actions

Related Nessuslogs

Id Log ID Jvninfo Id Plugin ID CVE CVSS Risk Host Protocol Port Name Synopsis Description Solution See Also Plugin Output Actions
7212 H28-MOJ-Online-Nara-16-seg-1-20161126-soga_ubl064.csv 54029 31705 CVE-2007-1858 2.6 Low 172.27.137.63 tcp 3170 SSL Anonymous Cipher Suites Supported The remote service supports the use of anonymous SSL ciphers. The remote host supports the use of anonymous SSL ciphers. While this enables an administrator to set up a service that encrypts traffic without having to generate and configure SSL certificates, it offers no way to verify the remote host"s identity and renders the service vulnerable to a man-in-the-middle attack. Note: This is considerably easier to exploit if the attacker is on the same physical network. Reconfigure the affected application if possible to avoid use of weak ciphers. http://www.openssl.org/docs/apps/ciphers.html Here is the list of SSL anonymous ciphers supported by the remote server : Null Ciphers (no encryption) TLSv1 AECDH-NULL-SHA Kx=ECDH Au=None Enc=None Mac=SHA1 High Strength Ciphers (>= 112-bit key) TLSv1 AECDH-RC4-SHA Kx=ECDH Au=None Enc=RC4(128) Mac=SHA1 The fields above are : {OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag}
7981 H28-MOJ-Online-Nara-16-seg-1-20161126-soga_ubl064.csv 54029 31705 CVE-2007-1858 2.6 Low 172.27.137.70 tcp 443 SSL Anonymous Cipher Suites Supported The remote service supports the use of anonymous SSL ciphers. The remote host supports the use of anonymous SSL ciphers. While this enables an administrator to set up a service that encrypts traffic without having to generate and configure SSL certificates, it offers no way to verify the remote host"s identity and renders the service vulnerable to a man-in-the-middle attack. Note: This is considerably easier to exploit if the attacker is on the same physical network. Reconfigure the affected application if possible to avoid use of weak ciphers. http://www.openssl.org/docs/apps/ciphers.html Here is the list of SSL anonymous ciphers supported by the remote server : High Strength Ciphers (>= 112-bit key) TLSv1 AECDH-AES256-SHA Kx=ECDH Au=None Enc=AES-CBC(256) Mac=SHA1 The fields above are : {OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag}
30610 H28-MOJ-Online-Funa-12-seg-v1-161103.csv 54029 31705 CVE-2007-1858 2.6 Low 172.27.9.63 tcp 3170 SSL Anonymous Cipher Suites Supported The remote service supports the use of anonymous SSL ciphers. The remote host supports the use of anonymous SSL ciphers. While this enables an administrator to set up a service that encrypts traffic without having to generate and configure SSL certificates, it offers no way to verify the remote host"s identity and renders the service vulnerable to a man-in-the-middle attack. Note: This is considerably easier to exploit if the attacker is on the same physical network. Reconfigure the affected application if possible to avoid use of weak ciphers. http://www.openssl.org/docs/apps/ciphers.html Here is the list of SSL anonymous ciphers supported by the remote server : Null Ciphers (no encryption) TLSv1 AECDH-NULL-SHA Kx=ECDH Au=None Enc=None Mac=SHA1 High Strength Ciphers (>= 112-bit key) TLSv1 AECDH-RC4-SHA Kx=ECDH Au=None Enc=RC4(128) Mac=SHA1 The fields above are : {OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag}
31336 H28-MOJ-Online-Funa-12-seg-v1-161103.csv 54029 31705 CVE-2007-1858 2.6 Low 172.27.9.70 tcp 443 SSL Anonymous Cipher Suites Supported The remote service supports the use of anonymous SSL ciphers. The remote host supports the use of anonymous SSL ciphers. While this enables an administrator to set up a service that encrypts traffic without having to generate and configure SSL certificates, it offers no way to verify the remote host"s identity and renders the service vulnerable to a man-in-the-middle attack. Note: This is considerably easier to exploit if the attacker is on the same physical network. Reconfigure the affected application if possible to avoid use of weak ciphers. http://www.openssl.org/docs/apps/ciphers.html Here is the list of SSL anonymous ciphers supported by the remote server : High Strength Ciphers (>= 112-bit key) TLSv1 AECDH-AES256-SHA Kx=ECDH Au=None Enc=AES-CBC(256) Mac=SHA1 The fields above are : {OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag}