CVE-2018-8019

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-8019
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-8019.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-8019
Downstream
Related
Published
2018-07-31T13:29:00.797Z
Modified
2026-03-15T22:27:38.171775Z
Severity
  • 7.4 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. Users not using OCSP checks are not affected by this vulnerability.

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "1.1.23"
            },
            {
                "last_affected": "1.1.34"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "1.2.0"
            },
            {
                "last_affected": "1.2.16"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-8019.json"