ID CVE-2018-8034
Summary The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
References
Vulnerable Configurations
  • Apache Software Foundation Tomcat 7.0.35
    cpe:2.3:a:apache:tomcat:7.0.35
  • Apache Software Foundation Tomcat 7.0.36
    cpe:2.3:a:apache:tomcat:7.0.36
  • Apache Software Foundation Tomcat 7.0.37
    cpe:2.3:a:apache:tomcat:7.0.37
  • Apache Software Foundation Tomcat 7.0.38
    cpe:2.3:a:apache:tomcat:7.0.38
  • Apache Software Foundation Tomcat 7.0.39
    cpe:2.3:a:apache:tomcat:7.0.39
  • Apache Software Foundation Tomcat 7.0.40
    cpe:2.3:a:apache:tomcat:7.0.40
  • Apache Software Foundation Tomcat 7.0.41
    cpe:2.3:a:apache:tomcat:7.0.41
  • Apache Software Foundation Tomcat 7.0.42
    cpe:2.3:a:apache:tomcat:7.0.42
  • Apache Software Foundation Tomcat 7.0.43
    cpe:2.3:a:apache:tomcat:7.0.43
  • Apache Software Foundation Tomcat 7.0.44
    cpe:2.3:a:apache:tomcat:7.0.44
  • Apache Software Foundation Tomcat 7.0.45
    cpe:2.3:a:apache:tomcat:7.0.45
  • Apache Software Foundation Tomcat 7.0.46
    cpe:2.3:a:apache:tomcat:7.0.46
  • Apache Software Foundation Tomcat 7.0.47
    cpe:2.3:a:apache:tomcat:7.0.47
  • Apache Software Foundation Tomcat 7.0.48
    cpe:2.3:a:apache:tomcat:7.0.48
  • Apache Software Foundation Tomcat 7.0.49
    cpe:2.3:a:apache:tomcat:7.0.49
  • Apache Software Foundation Tomcat 7.0.50
    cpe:2.3:a:apache:tomcat:7.0.50
  • Apache Software Foundation Tomcat 7.0.51
    cpe:2.3:a:apache:tomcat:7.0.51
  • Apache Software Foundation Tomcat 7.0.54
    cpe:2.3:a:apache:tomcat:7.0.54
  • Apache Software Foundation Tomcat 7.0.55
    cpe:2.3:a:apache:tomcat:7.0.55
  • Apache Software Foundation Tomcat 7.0.56
    cpe:2.3:a:apache:tomcat:7.0.56
  • Apache Software Foundation Tomcat 7.0.57
    cpe:2.3:a:apache:tomcat:7.0.57
  • Apache Software Foundation Tomcat 7.0.58
    cpe:2.3:a:apache:tomcat:7.0.58
  • Apache Tomcat 7.0.59
    cpe:2.3:a:apache:tomcat:7.0.59
  • Apache Software Foundation Tomcat 7.0.60
    cpe:2.3:a:apache:tomcat:7.0.60
  • Apache Tomcat 7.0.61
    cpe:2.3:a:apache:tomcat:7.0.61
  • Apache Tomcat 7.0.62
    cpe:2.3:a:apache:tomcat:7.0.62
  • Apache Tomcat 7.0.63
    cpe:2.3:a:apache:tomcat:7.0.63
  • Apache Tomcat 7.0.64
    cpe:2.3:a:apache:tomcat:7.0.64
  • Apache Software Foundation Tomcat 7.0.65
    cpe:2.3:a:apache:tomcat:7.0.65
  • Apache Software Foundation Tomcat 7.0.66
    cpe:2.3:a:apache:tomcat:7.0.66
  • Apache Software Foundation Tomcat 7.0.67
    cpe:2.3:a:apache:tomcat:7.0.67
  • Apache Software Foundation Tomcat 7.0.68
    cpe:2.3:a:apache:tomcat:7.0.68
  • Apache Software Foundation Tomcat 7.0.69
    cpe:2.3:a:apache:tomcat:7.0.69
  • Apache Software Foundation Tomcat 7.0.70
    cpe:2.3:a:apache:tomcat:7.0.70
  • Apache Software Foundation Tomcat 7.0.71
    cpe:2.3:a:apache:tomcat:7.0.71
  • Apache Software Foundation Tomcat 7.0.72
    cpe:2.3:a:apache:tomcat:7.0.72
  • Apache Software Foundation Tomcat 7.0.73
    cpe:2.3:a:apache:tomcat:7.0.73
  • Apache Software Foundation Tomcat 7.0.74
    cpe:2.3:a:apache:tomcat:7.0.74
  • Apache Software Foundation Tomcat 7.0.75
    cpe:2.3:a:apache:tomcat:7.0.75
  • Apache Software Foundation Tomcat 7.0.76
    cpe:2.3:a:apache:tomcat:7.0.76
  • Apache Software Foundation Tomcat 7.0.77
    cpe:2.3:a:apache:tomcat:7.0.77
  • Apache Software Foundation Tomcat 7.0.78
    cpe:2.3:a:apache:tomcat:7.0.78
  • Apache Software Foundation Tomcat 7.0.79
    cpe:2.3:a:apache:tomcat:7.0.79
  • Apache Software Foundation Tomcat 7.0.80
    cpe:2.3:a:apache:tomcat:7.0.80
  • Apache Software Foundation Tomcat 7.0.81
    cpe:2.3:a:apache:tomcat:7.0.81
  • Apache Software Foundation Tomcat 7.0.82
    cpe:2.3:a:apache:tomcat:7.0.82
  • Apache Software Foundation Tomcat 7.0.83
    cpe:2.3:a:apache:tomcat:7.0.83
  • Apache Software Foundation Tomcat 7.0.84
    cpe:2.3:a:apache:tomcat:7.0.84
  • Apache Software Foundation Tomcat 7.0.85
    cpe:2.3:a:apache:tomcat:7.0.85
  • Apache Software Foundation Tomcat 8.0.0 Release Candidate 1
    cpe:2.3:a:apache:tomcat:8.0.0:rc1
  • Apache Software Foundation Tomcat 8.0.0 release candidate 10
    cpe:2.3:a:apache:tomcat:8.0.0:rc10
  • Apache Software Foundation Tomcat 8.0.0 Release Candidate 2
    cpe:2.3:a:apache:tomcat:8.0.0:rc2
  • cpe:2.3:a:apache:tomcat:8.0.0:rc3
    cpe:2.3:a:apache:tomcat:8.0.0:rc3
  • cpe:2.3:a:apache:tomcat:8.0.0:rc4
    cpe:2.3:a:apache:tomcat:8.0.0:rc4
  • Apache Software Foundation Tomcat 8.0.0 release candidate 5
    cpe:2.3:a:apache:tomcat:8.0.0:rc5
  • cpe:2.3:a:apache:tomcat:8.0.0:rc6
    cpe:2.3:a:apache:tomcat:8.0.0:rc6
  • cpe:2.3:a:apache:tomcat:8.0.0:rc7
    cpe:2.3:a:apache:tomcat:8.0.0:rc7
  • cpe:2.3:a:apache:tomcat:8.0.0:rc8
    cpe:2.3:a:apache:tomcat:8.0.0:rc8
  • cpe:2.3:a:apache:tomcat:8.0.0:rc9
    cpe:2.3:a:apache:tomcat:8.0.0:rc9
  • Apache Software Foundation Tomcat 8.0.1
    cpe:2.3:a:apache:tomcat:8.0.1
  • Apache Software Foundation Tomcat 8.0.2
    cpe:2.3:a:apache:tomcat:8.0.2
  • Apache Software Foundation Tomcat 8.0.4
    cpe:2.3:a:apache:tomcat:8.0.4
  • Apache Software Foundation Tomcat 8.0.6
    cpe:2.3:a:apache:tomcat:8.0.6
  • Apache Software Foundation Tomcat 8.0.7
    cpe:2.3:a:apache:tomcat:8.0.7
  • Apache Software Foundation Tomcat 8.0.9
    cpe:2.3:a:apache:tomcat:8.0.9
  • Apache Software Foundation Tomcat 8.0.10
    cpe:2.3:a:apache:tomcat:8.0.10
  • Apache Software Foundation Tomcat 8.0.11
    cpe:2.3:a:apache:tomcat:8.0.11
  • Apache Software Foundation Tomcat 8.0.12
    cpe:2.3:a:apache:tomcat:8.0.12
  • Apache Software Foundation Tomcat 8.0.13
    cpe:2.3:a:apache:tomcat:8.0.13
  • Apache Software Foundation Tomcat 8.0.14
    cpe:2.3:a:apache:tomcat:8.0.14
  • Apache Software Foundation Tomcat 8.0.15
    cpe:2.3:a:apache:tomcat:8.0.15
  • Apache Software Foundation Tomcat 8.0.16
    cpe:2.3:a:apache:tomcat:8.0.16
  • Apache Tomcat 8.0.17
    cpe:2.3:a:apache:tomcat:8.0.17
  • Apache Tomcat 8.0.18
    cpe:2.3:a:apache:tomcat:8.0.18
  • Apache Software Foundation Tomcat 8.0.19
    cpe:2.3:a:apache:tomcat:8.0.19
  • Apache Tomcat 8.0.20
    cpe:2.3:a:apache:tomcat:8.0.20
  • Apache Tomcat 8.0.21
    cpe:2.3:a:apache:tomcat:8.0.21
  • Apache Tomcat 8.0.22
    cpe:2.3:a:apache:tomcat:8.0.22
  • Apache Tomcat 8.0.23
    cpe:2.3:a:apache:tomcat:8.0.23
  • Apache Tomcat 8.0.24
    cpe:2.3:a:apache:tomcat:8.0.24
  • Apache Software Foundation Tomcat 8.0.25
    cpe:2.3:a:apache:tomcat:8.0.25
  • Apache Tomcat 8.0.26
    cpe:2.3:a:apache:tomcat:8.0.26
  • Apache Software Foundation Tomcat 8.0.27
    cpe:2.3:a:apache:tomcat:8.0.27
  • Apache Software Foundation Tomcat 8.0.28
    cpe:2.3:a:apache:tomcat:8.0.28
  • Apache Software Foundation Tomcat 8.0.29
    cpe:2.3:a:apache:tomcat:8.0.29
  • Apache Software Foundation Tomcat 8.0.30
    cpe:2.3:a:apache:tomcat:8.0.30
  • Apache Software Foundation Tomcat 8.0.31
    cpe:2.3:a:apache:tomcat:8.0.31
  • Apache Software Foundation Tomcat 8.0.32
    cpe:2.3:a:apache:tomcat:8.0.32
  • Apache Software Foundation Tomcat 8.0.33
    cpe:2.3:a:apache:tomcat:8.0.33
  • Apache Software Foundation Tomcat 8.0.34
    cpe:2.3:a:apache:tomcat:8.0.34
  • Apache Software Foundation Tomcat 8.0.35
    cpe:2.3:a:apache:tomcat:8.0.35
  • Apache Software Foundation Tomcat 8.0.36
    cpe:2.3:a:apache:tomcat:8.0.36
  • Apache Software Foundation Tomcat 8.0.37
    cpe:2.3:a:apache:tomcat:8.0.37
  • Apache Software Foundation Tomcat 8.0.38
    cpe:2.3:a:apache:tomcat:8.0.38
  • Apache Software Foundation Tomcat 8.0.39
    cpe:2.3:a:apache:tomcat:8.0.39
  • Apache Software Foundation Tomcat 8.0.40
    cpe:2.3:a:apache:tomcat:8.0.40
  • Apache Software Foundation Tomcat 8.0.41
    cpe:2.3:a:apache:tomcat:8.0.41
  • Apache Software Foundation Tomcat 8.0.42
    cpe:2.3:a:apache:tomcat:8.0.42
  • Apache Software Foundation Tomcat 8.0.43
    cpe:2.3:a:apache:tomcat:8.0.43
  • Apache Software Foundation Tomcat 8.0.44
    cpe:2.3:a:apache:tomcat:8.0.44
  • Apache Software Foundation Tomcat 8.0.47
    cpe:2.3:a:apache:tomcat:8.0.47
  • Apache Software Foundation Tomcat 8.0.48
    cpe:2.3:a:apache:tomcat:8.0.48
  • Apache Software Foundation Tomcat 8.0.49
    cpe:2.3:a:apache:tomcat:8.0.49
  • Apache Software Foundation Tomcat 8.5.0
    cpe:2.3:a:apache:tomcat:8.5.0
  • Apache Software Foundation Tomcat 8.5.1
    cpe:2.3:a:apache:tomcat:8.5.1
  • Apache Software Foundation Tomcat 8.5.2
    cpe:2.3:a:apache:tomcat:8.5.2
  • Apache Software Foundation Tomcat 8.5.3
    cpe:2.3:a:apache:tomcat:8.5.3
  • Apache Software Foundation Tomcat 8.5.4
    cpe:2.3:a:apache:tomcat:8.5.4
  • Apache Software Foundation Tomcat 8.5.5
    cpe:2.3:a:apache:tomcat:8.5.5
  • Apache Software Foundation Tomcat 8.5.6
    cpe:2.3:a:apache:tomcat:8.5.6
  • Apache Software Foundation Tomcat 8.5.7
    cpe:2.3:a:apache:tomcat:8.5.7
  • Apache Software Foundation Tomcat 8.5.8
    cpe:2.3:a:apache:tomcat:8.5.8
  • Apache Software Foundation Tomcat 8.5.9
    cpe:2.3:a:apache:tomcat:8.5.9
  • Apache Software Foundation Tomcat 8.5.10
    cpe:2.3:a:apache:tomcat:8.5.10
  • Apache Software Foundation Tomcat 8.5.11
    cpe:2.3:a:apache:tomcat:8.5.11
  • Apache Software Foundation Tomcat 8.5.12
    cpe:2.3:a:apache:tomcat:8.5.12
  • Apache Software Foundation Tomcat 8.5.13
    cpe:2.3:a:apache:tomcat:8.5.13
  • Apache Software Foundation Tomcat 8.5.14
    cpe:2.3:a:apache:tomcat:8.5.14
  • Apache Software Foundation Tomcat 8.5.15
    cpe:2.3:a:apache:tomcat:8.5.15
  • Apache Software Foundation Tomcat 8.5.23
    cpe:2.3:a:apache:tomcat:8.5.23
  • Apache Software Foundation Tomcat 8.5.24
    cpe:2.3:a:apache:tomcat:8.5.24
  • Apache Software Foundation Tomcat 8.5.27
    cpe:2.3:a:apache:tomcat:8.5.27
  • Apache Software Foundation Tomcat 8.5.28
    cpe:2.3:a:apache:tomcat:8.5.28
  • Apache Software Foundation Tomcat 8.5.29
    cpe:2.3:a:apache:tomcat:8.5.29
  • Apache Software Foundation Tomcat 9.0.0 M1
    cpe:2.3:a:apache:tomcat:9.0.0:m1
  • Apache Software Foundation Tomcat 9.0.0 M10
    cpe:2.3:a:apache:tomcat:9.0.0:m10
  • Apache Software Foundation Tomcat 9.0.0 M11
    cpe:2.3:a:apache:tomcat:9.0.0:m11
  • Apache Software Foundation Tomcat 9.0.0 M12
    cpe:2.3:a:apache:tomcat:9.0.0:m12
  • Apache Software Foundation Tomcat 9.0.0 M13
    cpe:2.3:a:apache:tomcat:9.0.0:m13
  • Apache Software Foundation Tomcat 9.0.0 M14
    cpe:2.3:a:apache:tomcat:9.0.0:m14
  • Apache Software Foundation Tomcat 9.0.0 M15
    cpe:2.3:a:apache:tomcat:9.0.0:m15
  • Apache Software Foundation Tomcat 9.0.0 M16
    cpe:2.3:a:apache:tomcat:9.0.0:m16
  • Apache Software Foundation Tomcat 9.0.0 M17
    cpe:2.3:a:apache:tomcat:9.0.0:m17
  • Apache Software Foundation Tomcat 9.0.0 M18
    cpe:2.3:a:apache:tomcat:9.0.0:m18
  • Apache Software Foundation Tomcat 9.0.0 M19
    cpe:2.3:a:apache:tomcat:9.0.0:m19
  • Apache Software Foundation Tomcat 9.0.0 M2
    cpe:2.3:a:apache:tomcat:9.0.0:m2
  • Apache Software Foundation Tomcat 9.0.0 M20
    cpe:2.3:a:apache:tomcat:9.0.0:m20
  • Apache Software Foundation Tomcat 9.0.0 M21
    cpe:2.3:a:apache:tomcat:9.0.0:m21
  • cpe:2.3:a:apache:tomcat:9.0.0:m22
    cpe:2.3:a:apache:tomcat:9.0.0:m22
  • cpe:2.3:a:apache:tomcat:9.0.0:m23
    cpe:2.3:a:apache:tomcat:9.0.0:m23
  • cpe:2.3:a:apache:tomcat:9.0.0:m24
    cpe:2.3:a:apache:tomcat:9.0.0:m24
  • cpe:2.3:a:apache:tomcat:9.0.0:m25
    cpe:2.3:a:apache:tomcat:9.0.0:m25
  • cpe:2.3:a:apache:tomcat:9.0.0:m26
    cpe:2.3:a:apache:tomcat:9.0.0:m26
  • cpe:2.3:a:apache:tomcat:9.0.0:m27
    cpe:2.3:a:apache:tomcat:9.0.0:m27
  • Apache Software Foundation Tomcat 9.0.0 M3
    cpe:2.3:a:apache:tomcat:9.0.0:m3
  • Apache Software Foundation Tomcat 9.0.0 M4
    cpe:2.3:a:apache:tomcat:9.0.0:m4
  • Apache Software Foundation Tomcat 9.0.0 M5
    cpe:2.3:a:apache:tomcat:9.0.0:m5
  • Apache Software Foundation Tomcat 9.0.0 M6
    cpe:2.3:a:apache:tomcat:9.0.0:m6
  • Apache Software Foundation Tomcat 9.0.0 M7
    cpe:2.3:a:apache:tomcat:9.0.0:m7
  • Apache Software Foundation Tomcat 9.0.0 M8
    cpe:2.3:a:apache:tomcat:9.0.0:m8
  • Apache Software Foundation Tomcat 9.0.0 M9
    cpe:2.3:a:apache:tomcat:9.0.0:m9
  • Apache Software Foundation Tomcat 9.0.1
    cpe:2.3:a:apache:tomcat:9.0.1
  • Apache Software Foundation Tomcat 9.0.2
    cpe:2.3:a:apache:tomcat:9.0.2
  • Apache Software Foundation Tomcat 9.0.3
    cpe:2.3:a:apache:tomcat:9.0.3
  • Apache Software Foundation Tomcat 9.0.4
    cpe:2.3:a:apache:tomcat:9.0.4
  • Apache Software Foundation Tomcat 9.0.5
    cpe:2.3:a:apache:tomcat:9.0.5
  • Apache Software Foundation Tomcat 9.0.6
    cpe:2.3:a:apache:tomcat:9.0.6
  • Apache Software Foundation Tomcat 9.0.7
    cpe:2.3:a:apache:tomcat:9.0.7
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-295
CAPEC
  • Creating a Rogue Certificate Authority Certificate
    An attacker exploits a weakness in the MD5 hash algorithm (weak collision resistance) to generate a certificate signing request (CSR) that contains collision blocks in the "to be signed" part. The attacker specially crafts two different, but valid X.509 certificates that when hashed with the MD5 algorithm would yield the same value. The attacker then sends the CSR for one of the certificates to the Certification Authority which uses the MD5 hashing algorithm. That request is completely valid and the Certificate Authority issues an X.509 certificate to the attacker which is signed with its private key. An attacker then takes that signed blob and inserts it into another X.509 certificate that the attacker generated. Due to the MD5 collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the attackers' second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority. To make the attack more interesting, the second certificate could be not just a regular certificate, but rather itself a signing certificate. Thus the attacker is able to start their own Certification Authority that is anchored in its root of trust in the legitimate Certification Authority that has signed the attackers' first X.509 certificate. If the original Certificate Authority was accepted by default by browsers, so will now the Certificate Authority set up by the attacker and of course any certificates that it signs. So the attacker is now able to generate any SSL certificates to impersonate any web server, and the user's browser will not issue any warning to the victim. This can be used to compromise HTTPS communications and other types of systems where PKI and X.509 certificates may be used (e.g., VPN, IPSec) .
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-1019.NASL
    description This update for tomcat to 8.0.53 fixes the following issues : Security issue fixed : - CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters could have lead to an infinite loop in the decoder causing a Denial of Service (bsc#1102400). - CVE-2018-8034: The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default (bsc#1102379). - CVE-2018-8037: If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could have resulted in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also have resulted in a user seeing a response intended for another user (bsc#1102410). - CVE-2018-8014: Fix insecure default CORS filter settings (bsc#1093697). Bug fixes : - bsc#1067720: Avoid overwriting of customer's configuration during update. - bsc#1095472: Add Obsoletes for tomcat6 packages. This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen 2019-01-16
    modified 2018-09-17
    plugin id 117526
    published 2018-09-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117526
    title openSUSE Security Update : tomcat (openSUSE-2018-1019)
  • NASL family Web Servers
    NASL id TOMCAT_8_0_53.NASL
    description The version of Apache Tomcat installed on the remote host is 8.0.x prior to 8.0.53. It is, therefore, affected by multiple vulnerabilities.
    last seen 2019-01-16
    modified 2018-10-11
    plugin id 111067
    published 2018-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111067
    title Apache Tomcat 8.0.0 < 8.0.53 Security Constraint Weakness
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-1129.NASL
    description This update for tomcat to version 9.0.10 fixes the following issues : Security issues fixed : - CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters could have lead to an infinite loop in the decoder causing a Denial of Service (bsc#1102400). - CVE-2018-8014: Fix insecure default CORS filter settings (bsc#1093697). - CVE-2018-8034: The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default (bsc#1102379). - CVE-2018-8037: If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could have resulted in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also have resulted in a user seeing a response intended for another user (bsc#1102410). Bug fixes : - Avoid overwriting of customer's configuration during update (bsc#1067720) - Disable adding OSGi metadata to JAR files - See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#T omcat_9.0.10_(markt) This update was imported from the SUSE:SLE-15:Update update project.
    last seen 2019-01-16
    modified 2018-10-09
    plugin id 117983
    published 2018-10-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117983
    title openSUSE Security Update : tomcat (openSUSE-2018-1129)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2019-0131.NASL
    description An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 5 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * tomcat: host name verification missing in WebSocket client (CVE-2018-8034) * tomcat: Open redirect in default servlet (CVE-2018-11784) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen 2019-01-28
    modified 2019-01-24
    plugin id 121325
    published 2019-01-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121325
    title RHEL 6 / 7 : Red Hat JBoss Web Server 3.1 Service Pack 6 (RHSA-2019:0131)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1491.NASL
    description Two security issues have been discovered in the Tomcat servlet and JSP engine. CVE-2018-1336 An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. CVE-2018-8034 The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. For Debian 8 'Jessie', these problems have been fixed in version 8.0.14-1+deb8u13. We recommend that you upgrade your tomcat8 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-10-10
    plugin id 112230
    published 2018-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112230
    title Debian DLA-1491-1 : tomcat8 security update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4281.NASL
    description Several issues were discovered in the Tomcat servlet and JSP engine. They could lead to unauthorized access to protected resources, denial-of-service, or information leak.
    last seen 2019-01-16
    modified 2018-11-13
    plugin id 112185
    published 2018-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112185
    title Debian DSA-4281-1 : tomcat8 - security update
  • NASL family Web Servers
    NASL id TOMCAT_8_5_32.NASL
    description The version of Apache Tomcat installed on the remote host is 8.5.x prior to 8.5.32. It is, therefore, affected by multiple vulnerabilities.
    last seen 2019-01-16
    modified 2018-10-11
    plugin id 111068
    published 2018-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111068
    title Apache Tomcat 8.5.0 < 8.5.32 Multiple Vulnerabilities
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-1056.NASL
    description The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.(CVE-2018-8014) An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 8.5.0 to 8.5.30. (CVE-2018-1336) The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 8.5.0 to 8.5.31.(CVE-2018-8034) A bug in the tracking of connection closures can lead to reuse of user sessions in a new connection. Versions Affected: Apache Tomcat 8.5.5 to 8.5.31.(CVE-2018-8037)
    last seen 2019-01-16
    modified 2018-08-31
    plugin id 111611
    published 2018-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111611
    title Amazon Linux AMI : tomcat8 (ALAS-2018-1056)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1453.NASL
    description The host name verification in Tomcat when using TLS with the WebSocket client was missing. It is now enabled by default. For Debian 8 'Jessie', this problem has been fixed in version 7.0.56-3+really7.0.90-1. We recommend that you upgrade your tomcat7 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-10-11
    plugin id 111394
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111394
    title Debian DLA-1453-1 : tomcat7 security update
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-1055.NASL
    description The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.(CVE-2018-8014) An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86. (CVE-2018-1336) The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.(CVE-2018-8034)
    last seen 2019-01-16
    modified 2018-08-31
    plugin id 111610
    published 2018-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111610
    title Amazon Linux AMI : tomcat7 / tomcat80 (ALAS-2018-1055)
  • NASL family Web Servers
    NASL id TOMCAT_9_0_9.NASL
    description The version of Apache Tomcat installed on the remote host is 9.0.x prior to 9.0.10. It is, therefore, affected by multiple vulnerabilities.
    last seen 2019-01-16
    modified 2018-10-11
    plugin id 111069
    published 2018-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111069
    title Apache Tomcat 9.0.0 < 9.0.10 Security Constraint Weakness
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-B1832101B8.NASL
    description This update includes a rebase from 8.5.30 up to 8.5.32 which resolves two CVEs along with various other bugs/features : - rhbz#1579612 CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins - rhbz#1607586 CVE-2018-8034 tomcat: host name verification missing in WebSocket client - rhbz#1607584 CVE-2018-8037 tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2019-01-03
    plugin id 120717
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120717
    title Fedora 28 : 1:tomcat (2018-b1832101b8)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3723-1.NASL
    description It was discovered that Tomcat incorrectly handled decoding certain UTF-8 strings. A remote attacker could possibly use this issue to cause Tomcat to crash, resulting in a denial of service. (CVE-2018-1336) It was discovered that the Tomcat WebSocket client incorrectly performed hostname verification. A remote attacker could possibly use this issue to intercept sensitive information. (CVE-2018-8034). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-01
    plugin id 111349
    published 2018-07-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111349
    title Ubuntu 14.04 LTS / 16.04 LTS : tomcat7, tomcat8 vulnerabilities (USN-3723-1)
  • NASL family Web Servers
    NASL id TOMCAT_7_0_89.NASL
    description The version of Apache Tomcat installed on the remote host is at least 7.0.41 and prior to 7.0.90. It is, therefore, affected by multiple vulnerabilities.
    last seen 2019-01-16
    modified 2018-10-11
    plugin id 111066
    published 2018-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111066
    title Apache Tomcat 7.0.41 < 7.0.90 Multiple Vulnerabilities
redhat via4
advisories
  • rhsa
    id RHSA-2019:0130
  • rhsa
    id RHSA-2019:0131
refmap via4
bid 104895
confirm
debian DSA-4281
mlist
  • [debian-lts-announce] 20180730 [SECURITY] [DLA 1453-1] tomcat7 security update
  • [debian-lts-announce] 20180902 [SECURITY] [DLA 1491-1] tomcat8 security update
  • [www-announce] 20180722 [SECURITY] CVE-2018-8034 Apache Tomcat - Security Constraint Bypass
sectrack 1041374
ubuntu USN-3723-1
the hacker news via4
id THN:D761F7EF41472ED13C52BD3AF1E1F9BA
last seen 2018-07-24
modified 2018-07-24
published 2018-07-24
reporter The Hacker News
source https://thehackernews.com/2018/07/apache-tomcat-server.html
title Apache Tomcat Patches Important Security Vulnerabilities
Last major update 01-08-2018 - 14:29
Published 01-08-2018 - 14:29
Last modified 23-01-2019 - 06:29
Back to Top