ID CVE-2018-8034
Summary The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
References
Vulnerable Configurations
  • Apache Software Foundation Tomcat 7.0.35
    cpe:2.3:a:apache:tomcat:7.0.35
  • Apache Software Foundation Tomcat 7.0.36
    cpe:2.3:a:apache:tomcat:7.0.36
  • Apache Software Foundation Tomcat 7.0.37
    cpe:2.3:a:apache:tomcat:7.0.37
  • Apache Software Foundation Tomcat 7.0.38
    cpe:2.3:a:apache:tomcat:7.0.38
  • Apache Software Foundation Tomcat 7.0.39
    cpe:2.3:a:apache:tomcat:7.0.39
  • Apache Software Foundation Tomcat 7.0.40
    cpe:2.3:a:apache:tomcat:7.0.40
  • Apache Software Foundation Tomcat 7.0.41
    cpe:2.3:a:apache:tomcat:7.0.41
  • Apache Software Foundation Tomcat 7.0.42
    cpe:2.3:a:apache:tomcat:7.0.42
  • Apache Software Foundation Tomcat 7.0.43
    cpe:2.3:a:apache:tomcat:7.0.43
  • Apache Software Foundation Tomcat 7.0.44
    cpe:2.3:a:apache:tomcat:7.0.44
  • Apache Software Foundation Tomcat 7.0.45
    cpe:2.3:a:apache:tomcat:7.0.45
  • Apache Software Foundation Tomcat 7.0.46
    cpe:2.3:a:apache:tomcat:7.0.46
  • Apache Software Foundation Tomcat 7.0.47
    cpe:2.3:a:apache:tomcat:7.0.47
  • Apache Software Foundation Tomcat 7.0.48
    cpe:2.3:a:apache:tomcat:7.0.48
  • Apache Software Foundation Tomcat 7.0.49
    cpe:2.3:a:apache:tomcat:7.0.49
  • Apache Software Foundation Tomcat 7.0.50
    cpe:2.3:a:apache:tomcat:7.0.50
  • Apache Software Foundation Tomcat 7.0.51
    cpe:2.3:a:apache:tomcat:7.0.51
  • Apache Software Foundation Tomcat 7.0.52
    cpe:2.3:a:apache:tomcat:7.0.52
  • Apache Software Foundation Tomcat 7.0.53
    cpe:2.3:a:apache:tomcat:7.0.53
  • Apache Software Foundation Tomcat 7.0.54
    cpe:2.3:a:apache:tomcat:7.0.54
  • Apache Software Foundation Tomcat 7.0.55
    cpe:2.3:a:apache:tomcat:7.0.55
  • Apache Software Foundation Tomcat 7.0.56
    cpe:2.3:a:apache:tomcat:7.0.56
  • Apache Software Foundation Tomcat 7.0.57
    cpe:2.3:a:apache:tomcat:7.0.57
  • Apache Software Foundation Tomcat 7.0.58
    cpe:2.3:a:apache:tomcat:7.0.58
  • Apache Tomcat 7.0.59
    cpe:2.3:a:apache:tomcat:7.0.59
  • Apache Software Foundation Tomcat 7.0.60
    cpe:2.3:a:apache:tomcat:7.0.60
  • Apache Tomcat 7.0.61
    cpe:2.3:a:apache:tomcat:7.0.61
  • Apache Tomcat 7.0.62
    cpe:2.3:a:apache:tomcat:7.0.62
  • Apache Tomcat 7.0.63
    cpe:2.3:a:apache:tomcat:7.0.63
  • Apache Tomcat 7.0.64
    cpe:2.3:a:apache:tomcat:7.0.64
  • Apache Software Foundation Tomcat 7.0.65
    cpe:2.3:a:apache:tomcat:7.0.65
  • Apache Software Foundation Tomcat 7.0.66
    cpe:2.3:a:apache:tomcat:7.0.66
  • Apache Software Foundation Tomcat 7.0.67
    cpe:2.3:a:apache:tomcat:7.0.67
  • Apache Software Foundation Tomcat 7.0.68
    cpe:2.3:a:apache:tomcat:7.0.68
  • Apache Software Foundation Tomcat 7.0.69
    cpe:2.3:a:apache:tomcat:7.0.69
  • Apache Software Foundation Tomcat 7.0.70
    cpe:2.3:a:apache:tomcat:7.0.70
  • Apache Software Foundation Tomcat 7.0.71
    cpe:2.3:a:apache:tomcat:7.0.71
  • Apache Software Foundation Tomcat 7.0.72
    cpe:2.3:a:apache:tomcat:7.0.72
  • Apache Software Foundation Tomcat 7.0.73
    cpe:2.3:a:apache:tomcat:7.0.73
  • Apache Software Foundation Tomcat 7.0.74
    cpe:2.3:a:apache:tomcat:7.0.74
  • Apache Software Foundation Tomcat 7.0.75
    cpe:2.3:a:apache:tomcat:7.0.75
  • Apache Software Foundation Tomcat 7.0.76
    cpe:2.3:a:apache:tomcat:7.0.76
  • Apache Software Foundation Tomcat 7.0.77
    cpe:2.3:a:apache:tomcat:7.0.77
  • Apache Software Foundation Tomcat 7.0.78
    cpe:2.3:a:apache:tomcat:7.0.78
  • Apache Software Foundation Tomcat 7.0.79
    cpe:2.3:a:apache:tomcat:7.0.79
  • Apache Software Foundation Tomcat 7.0.80
    cpe:2.3:a:apache:tomcat:7.0.80
  • Apache Software Foundation Tomcat 7.0.81
    cpe:2.3:a:apache:tomcat:7.0.81
  • Apache Software Foundation Tomcat 7.0.82
    cpe:2.3:a:apache:tomcat:7.0.82
  • Apache Software Foundation Tomcat 7.0.83
    cpe:2.3:a:apache:tomcat:7.0.83
  • Apache Software Foundation Tomcat 7.0.84
    cpe:2.3:a:apache:tomcat:7.0.84
  • Apache Software Foundation Tomcat 7.0.85
    cpe:2.3:a:apache:tomcat:7.0.85
  • Apache Software Foundation Tomcat 7.0.86
    cpe:2.3:a:apache:tomcat:7.0.86
  • Apache Software Foundation Tomcat 7.0.87
    cpe:2.3:a:apache:tomcat:7.0.87
  • Apache Software Foundation Tomcat 7.0.88
    cpe:2.3:a:apache:tomcat:7.0.88
  • Apache Software Foundation Tomcat 8.0.0 Release Candidate 1
    cpe:2.3:a:apache:tomcat:8.0.0:rc1
  • Apache Software Foundation Tomcat 8.0.0 release candidate 10
    cpe:2.3:a:apache:tomcat:8.0.0:rc10
  • Apache Software Foundation Tomcat 8.0.0 Release Candidate 2
    cpe:2.3:a:apache:tomcat:8.0.0:rc2
  • cpe:2.3:a:apache:tomcat:8.0.0:rc3
    cpe:2.3:a:apache:tomcat:8.0.0:rc3
  • cpe:2.3:a:apache:tomcat:8.0.0:rc4
    cpe:2.3:a:apache:tomcat:8.0.0:rc4
  • Apache Software Foundation Tomcat 8.0.0 release candidate 5
    cpe:2.3:a:apache:tomcat:8.0.0:rc5
  • cpe:2.3:a:apache:tomcat:8.0.0:rc6
    cpe:2.3:a:apache:tomcat:8.0.0:rc6
  • cpe:2.3:a:apache:tomcat:8.0.0:rc7
    cpe:2.3:a:apache:tomcat:8.0.0:rc7
  • cpe:2.3:a:apache:tomcat:8.0.0:rc8
    cpe:2.3:a:apache:tomcat:8.0.0:rc8
  • cpe:2.3:a:apache:tomcat:8.0.0:rc9
    cpe:2.3:a:apache:tomcat:8.0.0:rc9
  • Apache Software Foundation Tomcat 8.0.1
    cpe:2.3:a:apache:tomcat:8.0.1
  • Apache Software Foundation Tomcat 8.0.2
    cpe:2.3:a:apache:tomcat:8.0.2
  • Apache Software Foundation Tomcat 8.0.3
    cpe:2.3:a:apache:tomcat:8.0.3
  • Apache Software Foundation Tomcat 8.0.4
    cpe:2.3:a:apache:tomcat:8.0.4
  • Apache Software Foundation Tomcat 8.0.5
    cpe:2.3:a:apache:tomcat:8.0.5
  • Apache Software Foundation Tomcat 8.0.6
    cpe:2.3:a:apache:tomcat:8.0.6
  • Apache Software Foundation Tomcat 8.0.7
    cpe:2.3:a:apache:tomcat:8.0.7
  • Apache Software Foundation Tomcat 8.0.8
    cpe:2.3:a:apache:tomcat:8.0.8
  • Apache Software Foundation Tomcat 8.0.9
    cpe:2.3:a:apache:tomcat:8.0.9
  • Apache Software Foundation Tomcat 8.0.10
    cpe:2.3:a:apache:tomcat:8.0.10
  • Apache Software Foundation Tomcat 8.0.11
    cpe:2.3:a:apache:tomcat:8.0.11
  • Apache Software Foundation Tomcat 8.0.12
    cpe:2.3:a:apache:tomcat:8.0.12
  • Apache Software Foundation Tomcat 8.0.13
    cpe:2.3:a:apache:tomcat:8.0.13
  • Apache Software Foundation Tomcat 8.0.14
    cpe:2.3:a:apache:tomcat:8.0.14
  • Apache Software Foundation Tomcat 8.0.15
    cpe:2.3:a:apache:tomcat:8.0.15
  • Apache Software Foundation Tomcat 8.0.16
    cpe:2.3:a:apache:tomcat:8.0.16
  • Apache Tomcat 8.0.17
    cpe:2.3:a:apache:tomcat:8.0.17
  • Apache Tomcat 8.0.18
    cpe:2.3:a:apache:tomcat:8.0.18
  • Apache Software Foundation Tomcat 8.0.19
    cpe:2.3:a:apache:tomcat:8.0.19
  • Apache Tomcat 8.0.20
    cpe:2.3:a:apache:tomcat:8.0.20
  • Apache Tomcat 8.0.21
    cpe:2.3:a:apache:tomcat:8.0.21
  • Apache Tomcat 8.0.22
    cpe:2.3:a:apache:tomcat:8.0.22
  • Apache Tomcat 8.0.23
    cpe:2.3:a:apache:tomcat:8.0.23
  • Apache Tomcat 8.0.24
    cpe:2.3:a:apache:tomcat:8.0.24
  • Apache Software Foundation Tomcat 8.0.25
    cpe:2.3:a:apache:tomcat:8.0.25
  • Apache Tomcat 8.0.26
    cpe:2.3:a:apache:tomcat:8.0.26
  • Apache Software Foundation Tomcat 8.0.27
    cpe:2.3:a:apache:tomcat:8.0.27
  • Apache Software Foundation Tomcat 8.0.28
    cpe:2.3:a:apache:tomcat:8.0.28
  • Apache Software Foundation Tomcat 8.0.29
    cpe:2.3:a:apache:tomcat:8.0.29
  • Apache Software Foundation Tomcat 8.0.30
    cpe:2.3:a:apache:tomcat:8.0.30
  • Apache Software Foundation Tomcat 8.0.31
    cpe:2.3:a:apache:tomcat:8.0.31
  • Apache Software Foundation Tomcat 8.0.32
    cpe:2.3:a:apache:tomcat:8.0.32
  • Apache Software Foundation Tomcat 8.0.33
    cpe:2.3:a:apache:tomcat:8.0.33
  • Apache Software Foundation Tomcat 8.0.34
    cpe:2.3:a:apache:tomcat:8.0.34
  • Apache Software Foundation Tomcat 8.0.35
    cpe:2.3:a:apache:tomcat:8.0.35
  • Apache Software Foundation Tomcat 8.0.36
    cpe:2.3:a:apache:tomcat:8.0.36
  • Apache Software Foundation Tomcat 8.0.37
    cpe:2.3:a:apache:tomcat:8.0.37
  • Apache Software Foundation Tomcat 8.0.38
    cpe:2.3:a:apache:tomcat:8.0.38
  • Apache Software Foundation Tomcat 8.0.39
    cpe:2.3:a:apache:tomcat:8.0.39
  • Apache Software Foundation Tomcat 8.0.40
    cpe:2.3:a:apache:tomcat:8.0.40
  • Apache Software Foundation Tomcat 8.0.41
    cpe:2.3:a:apache:tomcat:8.0.41
  • Apache Software Foundation Tomcat 8.0.42
    cpe:2.3:a:apache:tomcat:8.0.42
  • Apache Software Foundation Tomcat 8.0.43
    cpe:2.3:a:apache:tomcat:8.0.43
  • Apache Software Foundation Tomcat 8.0.44
    cpe:2.3:a:apache:tomcat:8.0.44
  • Apache Software Foundation Tomcat 8.0.45
    cpe:2.3:a:apache:tomcat:8.0.45
  • Apache Software Foundation Tomcat 8.0.46
    cpe:2.3:a:apache:tomcat:8.0.46
  • Apache Software Foundation Tomcat 8.0.47
    cpe:2.3:a:apache:tomcat:8.0.47
  • Apache Software Foundation Tomcat 8.0.48
    cpe:2.3:a:apache:tomcat:8.0.48
  • Apache Software Foundation Tomcat 8.0.49
    cpe:2.3:a:apache:tomcat:8.0.49
  • Apache Software Foundation Tomcat 8.0.50
    cpe:2.3:a:apache:tomcat:8.0.50
  • Apache Software Foundation Tomcat 8.0.51
    cpe:2.3:a:apache:tomcat:8.0.51
  • Apache Software Foundation Tomcat 8.0.52
    cpe:2.3:a:apache:tomcat:8.0.52
  • Apache Software Foundation Tomcat 8.5.0
    cpe:2.3:a:apache:tomcat:8.5.0
  • Apache Software Foundation Tomcat 8.5.1
    cpe:2.3:a:apache:tomcat:8.5.1
  • Apache Software Foundation Tomcat 8.5.2
    cpe:2.3:a:apache:tomcat:8.5.2
  • Apache Software Foundation Tomcat 8.5.3
    cpe:2.3:a:apache:tomcat:8.5.3
  • Apache Software Foundation Tomcat 8.5.4
    cpe:2.3:a:apache:tomcat:8.5.4
  • Apache Software Foundation Tomcat 8.5.5
    cpe:2.3:a:apache:tomcat:8.5.5
  • Apache Software Foundation Tomcat 8.5.6
    cpe:2.3:a:apache:tomcat:8.5.6
  • Apache Software Foundation Tomcat 8.5.7
    cpe:2.3:a:apache:tomcat:8.5.7
  • Apache Software Foundation Tomcat 8.5.8
    cpe:2.3:a:apache:tomcat:8.5.8
  • Apache Software Foundation Tomcat 8.5.9
    cpe:2.3:a:apache:tomcat:8.5.9
  • Apache Software Foundation Tomcat 8.5.10
    cpe:2.3:a:apache:tomcat:8.5.10
  • Apache Software Foundation Tomcat 8.5.11
    cpe:2.3:a:apache:tomcat:8.5.11
  • Apache Software Foundation Tomcat 8.5.12
    cpe:2.3:a:apache:tomcat:8.5.12
  • Apache Software Foundation Tomcat 8.5.13
    cpe:2.3:a:apache:tomcat:8.5.13
  • Apache Software Foundation Tomcat 8.5.14
    cpe:2.3:a:apache:tomcat:8.5.14
  • Apache Software Foundation Tomcat 8.5.15
    cpe:2.3:a:apache:tomcat:8.5.15
  • Apache Software Foundation Tomcat 8.5.16
    cpe:2.3:a:apache:tomcat:8.5.16
  • Apache Software Foundation Tomcat 8.5.17
    cpe:2.3:a:apache:tomcat:8.5.17
  • Apache Software Foundation Tomcat 8.5.18
    cpe:2.3:a:apache:tomcat:8.5.18
  • Apache Software Foundation Tomcat 8.5.19
    cpe:2.3:a:apache:tomcat:8.5.19
  • Apache Software Foundation Tomcat 8.5.20
    cpe:2.3:a:apache:tomcat:8.5.20
  • Apache Software Foundation Tomcat 8.5.21
    cpe:2.3:a:apache:tomcat:8.5.21
  • Apache Software Foundation Tomcat 8.5.22
    cpe:2.3:a:apache:tomcat:8.5.22
  • Apache Software Foundation Tomcat 8.5.23
    cpe:2.3:a:apache:tomcat:8.5.23
  • Apache Software Foundation Tomcat 8.5.24
    cpe:2.3:a:apache:tomcat:8.5.24
  • Apache Software Foundation Tomcat 8.5.25
    cpe:2.3:a:apache:tomcat:8.5.25
  • Apache Software Foundation Tomcat 8.5.26
    cpe:2.3:a:apache:tomcat:8.5.26
  • Apache Software Foundation Tomcat 8.5.27
    cpe:2.3:a:apache:tomcat:8.5.27
  • Apache Software Foundation Tomcat 8.5.28
    cpe:2.3:a:apache:tomcat:8.5.28
  • Apache Software Foundation Tomcat 8.5.29
    cpe:2.3:a:apache:tomcat:8.5.29
  • Apache Software Foundation Tomcat 8.5.30
    cpe:2.3:a:apache:tomcat:8.5.30
  • Apache Software Foundation Tomcat 8.5.31
    cpe:2.3:a:apache:tomcat:8.5.31
  • Apache Software Foundation Tomcat 9.0.0 M1
    cpe:2.3:a:apache:tomcat:9.0.0:m1
  • Apache Software Foundation Tomcat 9.0.0 M10
    cpe:2.3:a:apache:tomcat:9.0.0:m10
  • Apache Software Foundation Tomcat 9.0.0 M11
    cpe:2.3:a:apache:tomcat:9.0.0:m11
  • Apache Software Foundation Tomcat 9.0.0 M12
    cpe:2.3:a:apache:tomcat:9.0.0:m12
  • Apache Software Foundation Tomcat 9.0.0 M13
    cpe:2.3:a:apache:tomcat:9.0.0:m13
  • Apache Software Foundation Tomcat 9.0.0 M14
    cpe:2.3:a:apache:tomcat:9.0.0:m14
  • Apache Software Foundation Tomcat 9.0.0 M15
    cpe:2.3:a:apache:tomcat:9.0.0:m15
  • Apache Software Foundation Tomcat 9.0.0 M16
    cpe:2.3:a:apache:tomcat:9.0.0:m16
  • Apache Software Foundation Tomcat 9.0.0 M17
    cpe:2.3:a:apache:tomcat:9.0.0:m17
  • Apache Software Foundation Tomcat 9.0.0 M18
    cpe:2.3:a:apache:tomcat:9.0.0:m18
  • Apache Software Foundation Tomcat 9.0.0 M19
    cpe:2.3:a:apache:tomcat:9.0.0:m19
  • Apache Software Foundation Tomcat 9.0.0 M2
    cpe:2.3:a:apache:tomcat:9.0.0:m2
  • Apache Software Foundation Tomcat 9.0.0 M20
    cpe:2.3:a:apache:tomcat:9.0.0:m20
  • Apache Software Foundation Tomcat 9.0.0 M21
    cpe:2.3:a:apache:tomcat:9.0.0:m21
  • Apache Software Foundation Tomcat 9.0.0 M22
    cpe:2.3:a:apache:tomcat:9.0.0:m22
  • Apache Software Foundation Tomcat 9.0.0 M23
    cpe:2.3:a:apache:tomcat:9.0.0:m23
  • Apache Software Foundation Tomcat 9.0.0 M24
    cpe:2.3:a:apache:tomcat:9.0.0:m24
  • Apache Software Foundation Tomcat 9.0.0 M25
    cpe:2.3:a:apache:tomcat:9.0.0:m25
  • Apache Software Foundation Tomcat 9.0.0 M26
    cpe:2.3:a:apache:tomcat:9.0.0:m26
  • Apache Software Foundation Tomcat 9.0.0 M27
    cpe:2.3:a:apache:tomcat:9.0.0:m27
  • Apache Software Foundation Tomcat 9.0.0 M3
    cpe:2.3:a:apache:tomcat:9.0.0:m3
  • Apache Software Foundation Tomcat 9.0.0 M4
    cpe:2.3:a:apache:tomcat:9.0.0:m4
  • Apache Software Foundation Tomcat 9.0.0 M5
    cpe:2.3:a:apache:tomcat:9.0.0:m5
  • Apache Software Foundation Tomcat 9.0.0 M6
    cpe:2.3:a:apache:tomcat:9.0.0:m6
  • Apache Software Foundation Tomcat 9.0.0 M7
    cpe:2.3:a:apache:tomcat:9.0.0:m7
  • Apache Software Foundation Tomcat 9.0.0 M8
    cpe:2.3:a:apache:tomcat:9.0.0:m8
  • Apache Software Foundation Tomcat 9.0.0 M9
    cpe:2.3:a:apache:tomcat:9.0.0:m9
  • Apache Software Foundation Tomcat 9.0.1
    cpe:2.3:a:apache:tomcat:9.0.1
  • Apache Software Foundation Tomcat 9.0.2
    cpe:2.3:a:apache:tomcat:9.0.2
  • Apache Software Foundation Tomcat 9.0.3
    cpe:2.3:a:apache:tomcat:9.0.3
  • Apache Software Foundation Tomcat 9.0.4
    cpe:2.3:a:apache:tomcat:9.0.4
  • Apache Software Foundation Tomcat 9.0.5
    cpe:2.3:a:apache:tomcat:9.0.5
  • Apache Software Foundation Tomcat 9.0.6
    cpe:2.3:a:apache:tomcat:9.0.6
  • Apache Software Foundation Tomcat 9.0.7
    cpe:2.3:a:apache:tomcat:9.0.7
  • Apache Software Foundation Tomcat 9.0.8
    cpe:2.3:a:apache:tomcat:9.0.8
  • Apache Software Foundation Tomcat 9.0.9
    cpe:2.3:a:apache:tomcat:9.0.9
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • cpe:2.3:a:oracle:retail_order_broker:5.1
    cpe:2.3:a:oracle:retail_order_broker:5.1
  • cpe:2.3:a:oracle:retail_order_broker:5.2
    cpe:2.3:a:oracle:retail_order_broker:5.2
  • cpe:2.3:a:oracle:retail_order_broker:15.0
    cpe:2.3:a:oracle:retail_order_broker:15.0
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-295
CAPEC
  • Creating a Rogue Certificate Authority Certificate
    An attacker exploits a weakness in the MD5 hash algorithm (weak collision resistance) to generate a certificate signing request (CSR) that contains collision blocks in the "to be signed" part. The attacker specially crafts two different, but valid X.509 certificates that when hashed with the MD5 algorithm would yield the same value. The attacker then sends the CSR for one of the certificates to the Certification Authority which uses the MD5 hashing algorithm. That request is completely valid and the Certificate Authority issues an X.509 certificate to the attacker which is signed with its private key. An attacker then takes that signed blob and inserts it into another X.509 certificate that the attacker generated. Due to the MD5 collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the attackers' second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority. To make the attack more interesting, the second certificate could be not just a regular certificate, but rather itself a signing certificate. Thus the attacker is able to start their own Certification Authority that is anchored in its root of trust in the legitimate Certification Authority that has signed the attackers' first X.509 certificate. If the original Certificate Authority was accepted by default by browsers, so will now the Certificate Authority set up by the attacker and of course any certificates that it signs. So the attacker is now able to generate any SSL certificates to impersonate any web server, and the user's browser will not issue any warning to the victim. This can be used to compromise HTTPS communications and other types of systems where PKI and X.509 certificates may be used (e.g., VPN, IPSec) .
nessus via4
  • NASL family Web Servers
    NASL id TOMCAT_7_0_89.NASL
    description The version of Apache Tomcat installed on the remote host is at least 7.0.41 and prior to 7.0.90. It is, therefore, affected by multiple vulnerabilities.
    last seen 2019-02-21
    modified 2018-10-11
    plugin id 111066
    published 2018-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111066
    title Apache Tomcat 7.0.41 < 7.0.90 Multiple Vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3723-1.NASL
    description It was discovered that Tomcat incorrectly handled decoding certain UTF-8 strings. A remote attacker could possibly use this issue to cause Tomcat to crash, resulting in a denial of service. (CVE-2018-1336) It was discovered that the Tomcat WebSocket client incorrectly performed hostname verification. A remote attacker could possibly use this issue to intercept sensitive information. (CVE-2018-8034). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 111349
    published 2018-07-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111349
    title Ubuntu 14.04 LTS / 16.04 LTS : tomcat7, tomcat8 vulnerabilities (USN-3723-1)
  • NASL family