Certificate Validation Bypass

2019-05-1602:30:12

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Apache Tomcat Native Connector is vulnerable to certificate validation bypass. A remote unauthenticated attacker can create a client certificate with a specially crafted AIA-Extension field that, when parsed by Tomcat Native, will trigger a parser error and cause the OCSP check to be skipped allowing the malicious user to bypass security controls on the target system.

CPENameOperatorVersion
tomcat7eq7.0.54__28_patch_05.ep6.el6
tomcat7eq7.0.30__5_patch_02.ep6.el6
tomcat7eq7.0.54__21_patch_05.ep6.el6
tomcat7eq7.0.54__7_patch_02.ep6.el6
tomcat7eq7.0.59__26_patch_00.ep7.el6
tomcat7eq7.0.54__4_patch_02.ep6.el7
tomcat7eq7.0.70__16.ep7.el7
tomcat7eq7.0.70__22.ep7.el6
tomcat7eq7.0.40__5_patch_01.ep6.el6
tomcat7eq7.0.54__6_patch_02.ep6.el6

Name	Operator	Version
tomcat7	eq	7.0.54__28_patch_05.ep6.el6
tomcat7	eq	7.0.30__5_patch_02.ep6.el6
tomcat7	eq	7.0.54__21_patch_05.ep6.el6
tomcat7	eq	7.0.54__7_patch_02.ep6.el6
tomcat7	eq	7.0.59__26_patch_00.ep7.el6
tomcat7	eq	7.0.54__4_patch_02.ep6.el7
tomcat7	eq	7.0.70__16.ep7.el7
tomcat7	eq	7.0.70__22.ep7.el6
tomcat7	eq	7.0.40__5_patch_01.ep6.el6
tomcat7	eq	7.0.54__6_patch_02.ep6.el6