Here are the details of the vulnerability.
Title: SSL/TLS Server Accepts RSA_EXPORT Cipher Suites (FREAK)
CVE ID: CVE-2015-0204
Diagnosis: The remote SSL/TLS server accepts RSA_EXPORT cipher suites which is
vulnerable to session downgrade vulnerability.
Result: Exploitation allows an attacker to bypass security restrictions on the
targeted host.
Recommended Solution: Disable RSA_EXPORT cipher suites.
Trying to find how to apply this fix in Tomcat 7. Appreciate your help!
Regards
Srinivasa(Vasu) Penubothu
Mortgage Build & Deployment Team
• MTGBDT SharePoint Site
• MTGBDT Nexus Engagement Link
Division: Mortgage Technology
Phones: 469-201-8855(Work)
214-250-8424(Mobile)
Email: [email protected]
-----Original Message-----
From: Neill Lima [mailto:[email protected]]
Sent: Friday, May 15, 2015 7:15 AM
To: Tomcat Users List
Subject: Re: CVE-2015-0204 - FREAK vulnerability on tomcat 7.
We would love to help but without the bare minimum description we are unable to
do so.
Sorry!
On Fri, May 15, 2015 at 2:10 PM, Penubothu, Srinivasa M <
[email protected]<mailto:[email protected]>>
wrote:
> Hello, I am looking for help with fixing FREAK vulnerability on tomcat 7.
> I am unable to find a solution for tomcat. Any help would be much
> appreciated.
>
> Regards
>
> Srinivasa(Vasu) Penubothu
>
> ----------------------------------------------------------------------
> This message, and any attachments, is for the intended recipient(s)
> only, may contain information that is privileged, confidential and/or
> proprietary and subject to important terms and conditions available at
> http://www.bankofamerica.com/emaildisclaimer. If you are not the
> intended recipient, please delete this message.
>
----------------------------------------------------------------------
This message, and any attachments, is for the intended recipient(s) only, may
contain information that is privileged, confidential and/or proprietary and
subject to important terms and conditions available at
http://www.bankofamerica.com/emaildisclaimer. If you are not the intended
recipient, please delete this message.