Lucene search
K

10 matches found

F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.35 views

K10630493: Apache Tomcat vulnerability CVE-2018-8020

Security Advisory Description Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists multiple entries of certificate statuses. Subsequently, revoked client certificates may not be properly identified, allowing...

7.4CVSS7AI score0.04199EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:29 a.m.2 views

SUSE CVE-2018-8020

Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists multiple entries of certificate statuses. Subsequently, revoked client certificates may not be properly identified, allowing for users to authenticate wit...

7.1CVSS6.9AI score0.04199EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.27 views

SUSE: Security Advisory (SUSE-SU-2019:14014-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS6.7AI score0.04199EPSS
Exploits0References7
Mageia
Mageia
added 2019/05/19 11:27 a.m.45 views

Updated tomcat-native packages fix security vulnerability

When using an OCSP responder did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS CVE-2018-8019. Did not properly check OCSP...

7.4CVSS2.6AI score0.04199EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/04/10 12:0 a.m.42 views

SUSE SLES11 Security Update : libtcnative-1-0 (SUSE-SU-2019:14014-1)

This update for libtcnative-1-0 to version 1.1.34 fixes the following issues : CVE-2017-15698: Fixed an improper handling of fields with more than 127 bytes which could allow invalid client certificates to be accepted bsc1078679. CVE-2018-8019: When using an OCSP responder did not correctly handl...

7.4CVSS6.6AI score0.04199EPSS
Exploits0References11
OpenVAS
OpenVAS
added 2018/08/25 12:0 a.m.34 views

Debian: Security Advisory (DLA-1475-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS7.6AI score0.04199EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/08/17 12:0 a.m.57 views

RHEL 6 / 7 : Red Hat JBoss Web Server 3.1.0 Service Pack 4 (RHSA-2018:2469)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2469 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the...

9.8CVSS7.8AI score0.21979EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2018/08/16 3:1 p.m.166 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 Service Pack 4 security and bug fix update

An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.8CVSS7AI score0.21979EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2018/08/16 2:50 p.m.134 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 Service Pack 4 security and bug fix update

An update is now available for Red Hat JBoss Web Server 3.1. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

9.8CVSS7AI score0.21979EPSS
Exploits0References7
CVE
CVE
added 2018/07/31 1:0 p.m.112 views

CVE-2018-8020

CVE-2018-8020 affects Apache Tomcat Native 1.2.0–1.2.16 and 1.1.23–1.1.34. The flaw: OCSP pre-produced responses are not properly checked, so revoked client certificates may not be identified in mutual-TLS connections. This vulnerability is explicitly tied to OCSP checking; systems not using OCSP...

7.4CVSS7.2AI score0.04199EPSS
Exploits0References13Affected Software1
Rows per page
Query Builder