Lucene search
+L

164 matches found

RedHat Linux
RedHat Linux
added 2018/08/16 3:1 p.m.4 views

tomcat-native: Mishandled OCSP invalid response

When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using...

7.4CVSS7.1AI score0.04068EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2018/08/16 3:1 p.m.3 views

tomcat-native: Mishandled OCSP responses can allow clients to authenticate with revoked certificates

When using pre-produced responses from an OCSP responder, Tomcat Native did not correctly validate the status of certificates. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual...

7.4CVSS7.1AI score0.04199EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2018/08/16 2:50 p.m.134 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 Service Pack 4 security and bug fix update

An update is now available for Red Hat JBoss Web Server 3.1. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

9.8CVSS7AI score0.21979EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2018/08/16 2:50 p.m.3 views

tomcat-native: Mishandled OCSP invalid response

When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using...

7.4CVSS7.1AI score0.04068EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2018/08/16 2:50 p.m.4 views

tomcat-native: Mishandled OCSP responses can allow clients to authenticate with revoked certificates

When using pre-produced responses from an OCSP responder, Tomcat Native did not correctly validate the status of certificates. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual...

7.4CVSS7.1AI score0.04199EPSS
Exploits0References6
CNVD
CNVD
added 2018/08/02 12:0 a.m.6 views

Apache Tomcat Native Authentication Vulnerability

Apache Tomcat is the United States Apache Apache Software Foundation under the Jakarta project of a lightweight Web application server , it is mainly used for the development and debugging of JSP programs for small and medium-sized systems.Apache Tomcat Native is a support for the use of native...

7.4CVSS7.5AI score0.04068EPSS
Exploits0References1
CNVD
CNVD
added 2018/08/02 12:0 a.m.7 views

Apache Tomcat Native Authentication Vulnerability (CNVD-2018-15547)

Apache Tomcat is the United States Apache Apache Software Foundation under the Jakarta project of a lightweight Web application server , it is mainly used for the development and debugging of JSP programs for small and medium-sized systems.Apache Tomcat Native is a support for the use of native...

7.4CVSS7.5AI score0.04199EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2018/08/01 4:23 a.m.35 views

CVE-2018-8020

When using pre-produced responses from an OCSP responder, Tomcat Native did not correctly validate the status of certificates. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual...

7.4CVSS3.3AI score0.04199EPSS
Exploits0References2
NVD
NVD
added 2018/07/31 1:29 p.m.25 views

CVE-2018-8020

Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists multiple entries of certificate statuses. Subsequently, revoked client certificates may not be properly identified, allowing for users to authenticate wit...

7.4CVSS7.3AI score0.04199EPSS
Exploits0References13
NVD
NVD
added 2018/07/31 1:29 p.m.22 views

CVE-2018-8019

When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using...

7.4CVSS7.3AI score0.04068EPSS
Exploits0References10
OSV
OSV
added 2018/07/31 1:29 p.m.4 views

DEBIAN-CVE-2018-8019

When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using...

7.4CVSS7.3AI score0.04068EPSS
Exploits0References1
Prion
Prion
added 2018/07/31 1:29 p.m.24 views

Design/Logic Flaw

Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists multiple entries of certificate statuses. Subsequently, revoked client certificates may not be properly identified, allowing for users to authenticate wit...

4.3CVSS7.3AI score0.04199EPSS
Exploits0References13Affected Software2
OSV
OSV
added 2018/07/31 1:29 p.m.9 views

CVE-2018-8020

Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists multiple entries of certificate statuses. Subsequently, revoked client certificates may not be properly identified, allowing for users to authenticate wit...

7.4CVSS7.4AI score
Exploits0References13
UbuntuCve
UbuntuCve
added 2018/07/31 1:29 p.m.31 views

CVE-2018-8020

Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists multiple entries of certificate statuses. Subsequently, revoked client certificates may not be properly identified, allowing for users to authenticate wit...

7.4CVSS7.1AI score0.04199EPSS
Exploits0References3
OSV
OSV
added 2018/07/31 1:29 p.m.3 views

DEBIAN-CVE-2018-8020

Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists multiple entries of certificate statuses. Subsequently, revoked client certificates may not be properly identified, allowing for users to authenticate wit...

7.4CVSS6.9AI score0.04199EPSS
Exploits0References1
OSV
OSV
added 2018/07/31 1:29 p.m.3 views

UBUNTU-CVE-2018-8019

When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using...

7.4CVSS6.8AI score0.04068EPSS
Exploits0References4
OSV
OSV
added 2018/07/31 1:29 p.m.3 views

UBUNTU-CVE-2018-8020

Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists multiple entries of certificate statuses. Subsequently, revoked client certificates may not be properly identified, allowing for users to authenticate wit...

7.4CVSS7.1AI score0.04199EPSS
Exploits0References4
Cvelist
Cvelist
added 2018/07/31 1:0 p.m.30 views

CVE-2018-8020

Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists multiple entries of certificate statuses. Subsequently, revoked client certificates may not be properly identified, allowing for users to authenticate wit...

7.3AI score0.04199EPSS
Exploits0References13
Debian CVE
Debian CVE
added 2018/07/31 1:0 p.m.56 views

CVE-2018-8020

Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists multiple entries of certificate statuses. Subsequently, revoked client certificates may not be properly identified, allowing for users to authenticate wit...

7.4CVSS7.5AI score0.04199EPSS
Exploits0
Debian CVE
Debian CVE
added 2018/07/31 1:0 p.m.60 views

CVE-2018-8019

When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using...

7.4CVSS7.5AI score0.04068EPSS
Exploits0
Rows per page
Query Builder