Hello all,
there are some vulnerability existing on my server:
SSL Server Allows Cleartext Communication Vulnerability
soultion provided by the team was:
SOLUTION:
Disable support for anonymous authentication.
SOLUTION:
Disable ciphers which support cleartext communication.
These vulnerabilities still exist on my server as the modifications done on the
configuration file ssl.conf was meant for httpd service which is not being used
in my server.
Ports 443 & 8443 where the vulnerabilities were detected are used by the Tomcat
service running on my server.
Can someone help me identify the place in server.xml file to avoid these
vulnerabilties.
regards
Sunil C
See the Web's breaking stories, chosen by people like you. Check out
Yahoo! Buzz. http://in.buzz.yahoo.com/
