CVE-2018-8019 in Apache and Debian Products
Published on July 31, 2018
When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. Users not using OCSP checks are not affected by this vulnerability.
Products Associated with CVE-2018-8019
stack.watch emails you whenever new vulnerabilities are published in Apache Tomcat Native or Debian Linux. Just hit a watch button to start following.
Affected Versions
Apache Software Foundation Apache Tomcat Native:- Version 1.2.0 to 1.2.16 is affected.
- Version 1.1.23 to 1.1.34 is affected.
Exploit Probability
EPSS
0.85%
Percentile
74.63%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.