19 matches found

OpenVAS
added 2022/01/28 12:0 a.m. | 21 views

Mageia: Security Advisory (MGASA-2018-0150)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9 | AI score 6.2 | EPSS 0.03594
Exploits: 0 | References: 4
OpenVAS
added 2021/06/09 12:0 a.m. | 27 views

SUSE: Security Advisory (SUSE-SU-2019:14014-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.4 | AI score 6.7 | EPSS 0.04199
Exploits: 0 | References: 7
Tenable Nessus
added 2019/04/10 12:0 a.m. | 42 views

SUSE SLES11 Security Update : libtcnative-1-0 (SUSE-SU-2019:14014-1)

This update for libtcnative-1-0 to version 1.1.34 fixes the following issues : CVE-2017-15698: Fixed an improper handling of fields with more than 127 bytes which could allow invalid client certificates to be accepted bsc1078679. CVE-2018-8019: When using an OCSP responder did not correctly handl...

CVSS 7.4 | AI score 6.6 | EPSS 0.04199
Exploits: 0 | References: 11
IBM Security Bulletins
added 2018/06/18 1:43 a.m. | 43 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM Platform Symphony, IBM Spectrum Symphony (CVE-2017-15698, CVE-2017-15706, CVE-2018-1323, CVE-2018-1305, CVE-2018-1304)

Summary This interim fix provides instructions on upgrading Apache Tomcat from v5.5.36 to v7.0.88 in IBM Platform Symphony 6.1.1 and from v6.0.43 to v8.5.31 in IBM Platform Symphony 7.1 Fix Pack 1 in order to address a security vulnerability in Tomcat CVE-2017-15698, CVE-2017-15706, CVE-2018-1323...

CVSS 7.5 | AI score 7 | EPSS 0.44244
Exploits: 2 | Affected Software: 1
Tenable Nessus
added 2018/03/09 12:0 a.m. | 133 views

Amazon Linux AMI : tomcat-native (ALAS-2018-965)

Mishandling of client certificates can allow for OCSP check bypass : When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip...

CVSS 5.9 | AI score 6.3 | EPSS 0.03594
Exploits: 0 | References: 2
Tenable Nessus
added 2018/03/08 12:0 a.m. | 193 views

RHEL 6 / 7 : Red Hat JBoss Web Server 3.1.0 Service Pack 2 (RHSA-2018:0466)

An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

CVSS 8.1 | AI score 7.1 | EPSS 0.99988
Exploits: 41 | References: 16
RedHat Linux
added 2018/03/07 3:21 p.m. | 155 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 Service Pack 2 security update

An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

CVSS 8.1 | AI score 7.1 | EPSS 0.99988
Exploits: 41 | References: 9
RedHat Linux
added 2018/03/07 3:9 p.m. | 137 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 Service Pack 2 security update

An update is now available for Red Hat JBoss Web Server 3.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...

CVSS 8.1 | AI score 7.1 | EPSS 0.99988
Exploits: 41 | References: 12
Debian
added 2018/02/17 1:58 p.m. | 31 views

[SECURITY] [DSA 4118-1] tomcat-native security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4118-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 17, 2018 https://www.debian.org/security/faq -...

CVSS 5.9 | AI score 6.1 | EPSS 0.03594
Exploits: 0
Debian
added 2018/02/17 1:58 p.m. | 32 views

[SECURITY] [DSA 4118-1] tomcat-native security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4118-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 17, 2018 https://www.debian.org/security/faq -...

CVSS 4.3 | AI score 1.4 | EPSS 0.03594
Exploits: 0
OpenVAS
added 2018/02/16 12:0 a.m. | 45 views

Debian: Security Advisory (DSA-4118-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9 | AI score 6.2 | EPSS 0.03594
Exploits: 0 | References: 4
Tenable Nessus
added 2018/02/12 12:0 a.m. | 33 views

Fedora 27 : tomcat-native (2018-7b1517bc6e)

Security fix for CVE-2017-15698 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 7030...

CVSS 5.9 | AI score 6.3 | EPSS 0.03594
Exploits: 0 | References: 2
OpenVAS
added 2018/02/10 12:0 a.m. | 37 views

Fedora Update for tomcat-native FEDORA-2018-7b1517bc6e

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9 | AI score 6.2 | EPSS 0.03594
Exploits: 0 | References: 2
RedhatCVE
added 2018/02/01 5:49 a.m. | 26 views

CVE-2017-15698

When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates th...

CVSS 5.9 | AI score 1.8 | EPSS 0.03594
Exploits: 0 | References: 1
NVD
added 2018/01/31 2:29 p.m. | 19 views

CVE-2017-15698

When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates th...

CVSS 5.9 | AI score 5.7 | EPSS 0.03594
Exploits: 0 | References: 10
OSV
added 2018/01/31 2:29 p.m. | 9 views

CVE-2017-15698

When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates th...

CVSS 5.9 | AI score 6.1
Exploits: 0 | References: 10
Cvelist
added 2018/01/31 2:0 p.m. | 22 views

CVE-2017-15698

When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates th...

AI score 6 | EPSS 0.03594
Exploits: 0 | References: 10
CVE
added 2018/01/31 2:0 p.m. | 114 views

CVE-2017-15698

CVE-2017-15698 affects the Apache Tomcat Native Connector (tomcat-native library). It arises from improper handling of AIA-Extension fields longer than 127 bytes, causing the OCSP check to be skipped and potentially allowing invalid client certificates to be accepted. Confirmed fixes appear in up...

CVSS 5.9 | AI score 5.9 | EPSS 0.03594
Exploits: 0 | References: 10 | Affected Software: 1
Apache Tomcat
added 2018/01/31 12:0 a.m. | 29 views

Fixed in Apache Tomcat Native Connector 1.2.16

Note: The issue below was fixed in Apache Tomcat Native Connector 1.2.15 but the release vote for the 1.2.15 release candidate did not pass. Therefore, although users must download 1.2.16 to obtain a version that includes the fix for this issue, version 1.2.15 is not included in the list of...

CVSS 5.9 | AI score 5.8 | EPSS 0.03594
Exploits: 0 | Affected Software: 1