CVSS: 7.4EPSS: 1%CPEs: 3EXPL: 0CVE-2018-8020 – tomcat-native: Mishandled OCSP responses can allow clients to authenticate with revoked certificates
https://notcve.org/view.php?id=CVE-2018-8020
Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists (multiple entries) of certificate statuses. Subsequently, revoked client certificates may not be properly identified, allowing for users to authenticate with revoked certificates to connections that require mutual TLS. Users not using OCSP checks are not affected by this vulnerability. Apache Tomcat Native desde la versión 1.2.0 hasta la 1.2.16 y desde la versión 1.1.23 hasta la 1.1.34 tiene un error por el cual no comprueba las respuestas OCSP preproducidas, las cuales son listas (múltiples entradas) de estados de certificados. Subsecuentemente, los certificados de cliente revocados no se identifican correctamente, lo que permite que los usuarios se autentiquen con certificados revocados en conexiones que requieren TLS mutuo. • http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180721101944.GA45239%40minotaur.apache.org%3E http://www.securityfocus.com/bid/104934 http://www.securitytracker.com/id/1041507 https://access.redhat.com/errata/RHSA-2018:2469 https://access.redhat.com/errata/RHSA-2018:2470 https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.ap • CWE-287: Improper Authentication CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 1%CPEs: 48EXPL: 0CVE-2018-1336 – tomcat: A bug in the UTF-8 decoder can lead to DoS
https://notcve.org/view.php?id=CVE-2018-1336
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86. Una gestión incorrecta del desbordamiento en el decodificador UTF-8 con caracteres suplementarios puede conducir a un bucle infinito en el decodificador, provocando una denegación de servicio (DoS). Versiones afectadas: Apache Tomcat de la versión 9.0.0.M9 a la 9.0.7, de la 8.5.0 a la 8.5.30, de la 8.0.0.RC1 a la 8.0.51 y de la versión 7.0.28 a la 7.0.86. • http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090435.GA60759%40minotaur.apache.org%3E http://www.securityfocus.com/bid/104898 http://www.securitytracker.com/id/1041375 https://access.redhat.com/errata/RHEA-2018:2188 https://access.redhat.com/errata/RHEA-2018:2189 https://access.redhat.com/errata/RHSA-2018:2700 https://access.redhat.com/errata/RHSA-2018:2701 https://access.redhat.com/errata/RHSA-2018:2740 https://access.redhat.com/errata/RHSA-20 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 1%CPEs: 48EXPL: 0CVE-2018-8034 – tomcat: Host name verification missing in WebSocket client
https://notcve.org/view.php?id=CVE-2018-8034
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88. No hay verificación del nombre del host al emplear TLS con el cliente WebSocket. Ahora está habilitado por defecto. • http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283%40minotaur.apache.org%3E http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/104895 http://www.securitytracker.com/id/1041374 https://access.redhat.com/errata/RHSA-2019:0130 https://access.redhat.com/errata/RHSA-2019:0131 https://access.redhat.com/errata/RHSA-2019:0450 https://access.redhat.com/errata/RHSA-2019:0451 https://access.redhat • CWE-20: Improper Input Validation CWE-295: Improper Certificate Validation •
CVSS: 9.8EPSS: 5%CPEs: 18EXPL: 0CVE-2018-8014 – tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
https://notcve.org/view.php?id=CVE-2018-8014
The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue. Las opciones por defecto para el filtro CORS proporcionado en Apache Tomcat 9.0.0.M1 a 9.0.8, 8.5.0 a 8.5.31, 8.0.0.RC1 a 8.0.52 y 7.0.41 a 7.0.88 son inseguras y permiten "supportsCredentials" para todos los orígenes. Se espera que los usuarios del filtro CORS lo tengan configurado de forma adecuada para su entorno, en lugar de emplearlo con su configuración por defecto. • http://tomcat.apache.org/security-7.html http://tomcat.apache.org/security-8.html http://tomcat.apache.org/security-9.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/104203 http://www.securitytracker.com/id/1040998 http://www.securitytracker.com/id/1041888 https://access.redhat.com/errata/RHSA-2018:2469 https://access.redhat.com/errata/RHSA-2018:2470 https://access.redhat.com/errata/RHSA-2018:3768 https://a • CWE-284: Improper Access Control CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 7.5EPSS: 26%CPEs: 1EXPL: 0CVE-2018-1323 – isapi_redirect: Mishandled HTTP request paths in jk_isapi_plugin.c can lead to unintended exposure of application resources via the reverse proxy
https://notcve.org/view.php?id=CVE-2018-1323
The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing Tomcat via the reverse proxy. El código específico IIS/ISAPI en Apache Tomcat JK ISAPI Connector, de la versión 1.2.0 a la 1.2.42, que normalizaba la ruta solicitada antes de emparejarla al mapa URI-worker no gestionaba algunos casos perimetrales (edge cases) correctamente. Si solo un subconjunto de las URL soportadas por Tomcat estuviese expuesto mediante IIS, una petición especialmente construida podría exponer funcionalidades de la aplicación mediante el proxy inverso que no estaba pensado para que los clientes accediesen a Tomcat a través de él. • http://www.securityfocus.com/bid/103389 https://access.redhat.com/errata/RHSA-2018:1843 https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/6e146bce83578bd870893250ba8354e28f9d8e86c674c30dbeee529f%40%3Cannounce.tomcat.apache.org%3E https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.a • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •