
CVE - CVE-2018-8034 1/16/20, 2:33 PM

Common Vulnerabilities and Exposures

CVE-ID

CVE-2018-8034

Description
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat
9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.

BID:104895
URL:http://www.securityfocus.com/bid/104895
CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
CONFIRM:https://security.netapp.com/advisory/ntap-20180817-0001/
DEBIAN:DSA-4281
URL:https://www.debian.org/security/2018/dsa-4281
MISC:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
MLIST:[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.
URL:https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E
MLIST:[debian-lts-announce] 20180730 [SECURITY] [DLA 1453-1] tomcat7 security update
URL:https://lists.debian.org/debian-lts-announce/2018/07/msg00047.html
MLIST:[debian-lts-announce] 20180902 [SECURITY] [DLA 1491-1] tomcat8 security update
URL:https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html
MLIST:[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
URL:https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
URL:https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
URL:https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
URL:https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
URL:https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/
URL:https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/
URL:https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/
URL:https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
URL:https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
URL:https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
URL:https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
MLIST:[www-announce] 20180722 [SECURITY] CVE-2018-8034 Apache Tomcat - Security Constraint Bypass
URL:http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283@minotaur.apache.org%3E
REDHAT:RHSA-2019:0130
URL:https://access.redhat.com/errata/RHSA-2019:0130
REDHAT:RHSA-2019:0131
URL:https://access.redhat.com/errata/RHSA-2019:0131

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8034 Page 1 of 2
REDHAT:RHSA-2019:0450
URL:https://access.redhat.com/errata/RHSA-2019:0450
REDHAT:RHSA-2019:0451
URL:https://access.redhat.com/errata/RHSA-2019:0451
REDHAT:RHSA-2019:1159
URL:https://access.redhat.com/errata/RHSA-2019:1159
REDHAT:RHSA-2019:1160
URL:https://access.redhat.com/errata/RHSA-2019:1160
REDHAT:RHSA-2019:1161
URL:https://access.redhat.com/errata/RHSA-2019:1161
REDHAT:RHSA-2019:1162
URL:https://access.redhat.com/errata/RHSA-2019:1162
REDHAT:RHSA-2019:1529
URL:https://access.redhat.com/errata/RHSA-2019:1529
REDHAT:RHSA-2019:2205
URL:https://access.redhat.com/errata/RHSA-2019:2205
REDHAT:RHSA-2019:3892
URL:https://access.redhat.com/errata/RHSA-2019:3892
SECTRACK:1041374
URL:http://www.securitytracker.com/id/1041374
UBUNTU:USN-3723-1
URL:https://usn.ubuntu.com/3723-1/

Assigning CNA
Apache Software Foundation

Date Entry Created
20180309

Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

Phase (Legacy)
Assigned (20180309)

Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
