Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-8019

Опубликовано: 31 июл. 2018
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3
CVSS3: 7.4

Описание

When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. Users not using OCSP checks are not affected by this vulnerability.

РелизСтатусПримечание
bionic

not-affected

1.2.17-1
cosmic

not-affected

1.2.17-1
devel

not-affected

1.2.17-1
disco

not-affected

1.2.17-1
eoan

not-affected

1.2.17-1
esm-apps/bionic

not-affected

1.2.17-1
esm-apps/focal

not-affected

1.2.17-1
esm-apps/jammy

not-affected

1.2.17-1
esm-apps/noble

not-affected

1.2.17-1
esm-apps/xenial

needed

Показывать по

Ссылки на источники

EPSS

Процентиль: 75%
0.00897
Низкий

4.3 Medium

CVSS2

7.4 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-8019

CVSS3: 5.9
redhat
больше 7 лет назад

When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. Users not using OCSP checks are not affected by this vulnerability.

nvd логотип

CVE-2018-8019

CVSS3: 7.4
nvd
больше 7 лет назад

When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. Users not using OCSP checks are not affected by this vulnerability.

debian логотип

CVE-2018-8019

CVSS3: 7.4
debian
больше 7 лет назад

When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and ...

github логотип

GHSA-w5fc-h82j-vq6w

CVSS3: 7.4
github
больше 3 лет назад

When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. Users not using OCSP checks are not affected by this vulnerability.

suse-cvrf логотип

SUSE-SU-2019:14014-1

suse-cvrf
почти 7 лет назад

Security update for libtcnative-1-0

EPSS

Процентиль: 75%
0.00897
Низкий

4.3 Medium

CVSS2

7.4 High

CVSS3