Here are the details of the vulnerability.

Title: SSL/TLS Server Accepts RSA_EXPORT Cipher Suites (FREAK)
CVE ID: CVE-2015-0204
Diagnosis: The remote SSL/TLS server accepts RSA_EXPORT cipher suites which is 
vulnerable to session downgrade vulnerability.
Result: Exploitation allows an attacker to bypass security restrictions on the 
targeted host.
Recommended Solution: Disable RSA_EXPORT cipher suites.

Trying to find how to apply this fix in Tomcat 7. Appreciate your help!


Regards

Srinivasa(Vasu) Penubothu

Mortgage Build & Deployment Team
• MTGBDT SharePoint Site
• MTGBDT Nexus Engagement Link
Division: Mortgage Technology
Phones: 469-201-8855(Work)
              214-250-8424(Mobile)
Email: srinivasa.penubo...@bankofamerica.com


-----Original Message-----
From: Neill Lima [mailto:neill.l...@visual-meta.com]
Sent: Friday, May 15, 2015 7:15 AM
To: Tomcat Users List
Subject: Re: CVE-2015-0204 - FREAK vulnerability on tomcat 7.

We would love to help but without the bare minimum description we are unable to 
do so.

Sorry!

On Fri, May 15, 2015 at 2:10 PM, Penubothu, Srinivasa M <srinivasa.penubo...@bankofamerica.com> wrote:

> Hello, I am looking for help with fixing FREAK vulnerability on tomcat 7.
> I am unable to find a solution for tomcat. Any help would be much
> appreciated.
>
> Regards
>
> Srinivasa(Vasu) Penubothu
>
> ----------------------------------------------------------------------
> This message, and any attachments, is for the intended recipient(s)
> only, may contain information that is privileged, confidential and/or
> proprietary and subject to important terms and conditions available at
> http://www.bankofamerica.com/emaildisclaimer.   If you are not the
> intended recipient, please delete this message.
>


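An added example, not part of the original thread and not Tomcat's own code: one way to check a Tomcat 7 `server.xml` for the condition the scan reports. It assumes JSSE (BIO/NIO) connectors whose `ciphers` attribute is a comma-separated list of JSSE suite names; the sample XML, its ports and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml fragment (not from the original thread).
SAMPLE_SERVER_XML = """\
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"/>
    <Connector port="10443" SSLEnabled="true" scheme="https" secure="true"
               ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA"/>
  </Service>
</Server>
"""


def is_export_suite(name):
    """Export-grade JSSE suites carry an _EXPORT_ token in their name.

    This flags every export suite, not only the RSA_EXPORT ones named in the scan.
    """
    return "_EXPORT_" in name.upper()


def audit_connectors(server_xml):
    """Return {port: (status, export_suites)} for every TLS-enabled <Connector>."""
    findings = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # not a TLS connector, so there is no cipher list to check
        port = conn.get("port")
        ciphers = conn.get("ciphers")
        if ciphers is None:
            # No explicit list: the suites offered are whatever the JVM enables.
            findings[port] = ("UNPINNED", [])
            continue
        suites = [s.strip() for s in ciphers.split(",") if s.strip()]
        weak = [s for s in suites if is_export_suite(s)]
        findings[port] = ("EXPORT_ENABLED", weak) if weak else ("OK", [])
    return findings


if __name__ == "__main__":
    for port, (status, weak) in sorted(audit_connectors(SAMPLE_SERVER_XML).items()):
        print(port, status, ", ".join(weak))
```

A connector reported as `UNPINNED` has no `ciphers` attribute, so whether export suites are offered depends on the JVM defaults and needs a separate check.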
