CVSSv3: 5.9

CVE-2017-15698

Published: 31/01/2018 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected (if the OCSP check had been made) to be accepted. Users not using OCSP checks are not affected by this vulnerability.
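The 127-byte boundary in the summary is where DER length encoding switches from short form (one length byte) to long form (0x80|N followed by N length bytes). The following is an added example, not tomcat-native's code: a DER length decoder that handles both forms, beside a naive decoder that takes the first length byte literally, assumed here only to illustrate the defect class; the 130-byte sample element is constructed.

```c
#include <stddef.h>
#include <string.h>

/* Decode a DER length from buf[0..len). Returns length bytes consumed (1 for
 * short form, 1+N for long form) or 0 on error, writing the content length to
 * *out. Short form covers 0..127 only; longer fields use 0x80|N then N bytes. */
size_t der_read_length(const unsigned char *buf, size_t len, size_t *out)
{
    if (len == 0) return 0;
    if (buf[0] < 0x80) { *out = buf[0]; return 1; }           /* short form */
    size_t n = buf[0] & 0x7f;                                  /* long form: N bytes */
    if (n == 0 || n > sizeof(size_t) || len < 1 + n) return 0; /* indefinite/truncated */
    if (buf[1] == 0) return 0;                                 /* leading zero: not DER */
    size_t v = 0;
    for (size_t i = 0; i < n; i++) v = (v << 8) | buf[1 + i];
    if (v < 0x80) return 0;                                    /* should be short form */
    *out = v;
    return 1 + n;
}

/* Assumed illustration of the defect class (not tomcat-native's code): the
 * first length byte taken literally, right only for fields <= 127 bytes. */
size_t naive_read_length(const unsigned char *buf, size_t len, size_t *out)
{
    if (len == 0) return 0;
    *out = buf[0];
    return 1;
}

/* 1 if tag + length header + content exactly span len bytes under decoder dec. */
int element_consistent(const unsigned char *buf, size_t len,
                       size_t (*dec)(const unsigned char *, size_t, size_t *))
{
    size_t content, hdr;
    if (len < 2 || (hdr = dec(buf + 1, len - 1, &content)) == 0) return 0;
    return 1 + hdr + content == len;
}

/* Constructed sample: SEQUENCE (0x30) with 130 content bytes, length 0x81 0x82. */
size_t build_sample(unsigned char *out, size_t cap)
{
    if (cap < 133) return 0;
    out[0] = 0x30; out[1] = 0x81; out[2] = 0x82;
    memset(out + 3, 0xAA, 130);
    return 133;
}
```

For the 130-byte sample the naive decoder reports a 129-byte field and the element no longer lines up with its buffer, which is the kind of parse failure that can end with a check being skipped; a 5-byte sample is decoded identically by both.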

Vulnerable Products

Apache Tomcat Native

Debian Linux 8.0

Debian Linux 9.0

Vendor Advisories

Synopsis: Important: Red Hat JBoss Web Server 3.1.0 Service Pack 2 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this update as having a sec ...
Synopsis: Important: Red Hat JBoss Web Server 3.1.0 Service Pack 2 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Web Server 3.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Jonas Klempel reported that tomcat-native, a library giving Tomcat access to the Apache Portable Runtime (APR) library's network connection (socket) implementation and random-number generator, does not properly handle fields longer than 127 bytes when parsing the AIA-Extension field of a client certificate. If OCSP checks are used, this could resul ...
Mishandling of client certificates can allow for OCSP check bypass: When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client c ...
When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected (if the OCSP check had b ...