Severity: 4.3 MEDIUM (CVSS v2)

CVE-2018-8019

Published: 31/07/2018 Updated: 03/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.4 | Impact Score: 5.2 | Exploitability Score: 2.2

Vulnerability Summary

Apache Tomcat Native Connector CVE-2018-8019 Remote Security Vulnerability

When using an OCSP responder, Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed revoked client certificates to be incorrectly identified as valid. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. Users not using OCSP checks are not affected by this vulnerability.

A vulnerability in the Online Certificate Status Protocol (OCSP) response handling of Apache Tomcat Native could allow an authenticated, remote attacker to gain unauthorized access to a targeted system. The vulnerability exists because the affected software improperly handles invalid responses from the OCSP responder. As a result, revoked certificates may not be properly identified. An attacker could exploit this vulnerability by using a revoked certificate to authenticate to the affected application over a mutual Transport Layer Security (TLS) connection. A successful exploit could allow the attacker to gain unauthorized access to the system, which could be used to conduct further attacks. Apache confirmed the vulnerability and released software updates.
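As an added illustration of the handling described above (example code, not Apache Tomcat Native's own): a parser for the outer OCSPResponse envelope from RFC 6960, with a verdict function that can run fail-open (the bug class, where an invalid or unsuccessful response ends up as "not revoked") or fail-closed (the hardened form). All input bytes are constructed; verifying the signed BasicOCSPResponse inside a successful envelope is the next step and is out of scope here.

```python
"""Fail-open vs fail-closed handling of an OCSPResponse envelope; added example, constructed input."""
from enum import Enum

class OCSPResponseStatus(Enum):  # responseStatus values from RFC 6960 s4.2.1 (4 is unassigned)
    SUCCESSFUL = 0
    MALFORMED_REQUEST = 1
    INTERNAL_ERROR = 2
    TRY_LATER = 3
    SIG_REQUIRED = 5
    UNAUTHORIZED = 6

class Verdict(Enum):
    ACCEPT = "accept"              # treat the client certificate as not revoked
    REJECT = "reject"              # revocation status unknown: refuse the certificate
    CHECK_STATUS = "check_status"  # envelope OK: verify the signed BasicOCSPResponse next

def parse_envelope(der: bytes):
    """OCSPResponse ::= SEQUENCE { responseStatus ENUMERATED, responseBytes [0] EXPLICIT OPTIONAL }
    (short-form DER lengths only). Returns (status, responseBytes-or-None); raises ValueError if malformed."""
    if len(der) < 5 or der[0] != 0x30 or der[1] & 0x80 or len(der) != 2 + der[1]:
        raise ValueError("not a DER SEQUENCE of the declared length")
    body = der[2:]
    if body[:2] != b"\x0a\x01":
        raise ValueError("responseStatus is not a one-byte ENUMERATED")
    try:
        status = OCSPResponseStatus(body[2])
    except ValueError:
        raise ValueError("unassigned responseStatus %d" % body[2]) from None
    rest = body[3:]
    if not rest:
        return status, None
    if len(rest) < 2 or rest[0] != 0xA0 or rest[1] & 0x80 or len(rest) != 2 + rest[1]:
        raise ValueError("bad responseBytes tag or length")
    return status, rest[2:]

def envelope_verdict(der: bytes, fail_closed: bool = True) -> Verdict:
    """fail_closed=False reproduces the bug class: every path that is not a parsed,
    successful response (parse error, tryLater, internalError, empty body) yields ACCEPT."""
    fallback = Verdict.REJECT if fail_closed else Verdict.ACCEPT
    try:
        status, response_bytes = parse_envelope(der)
    except ValueError:
        return fallback  # fail-open: a garbled or HTTP-error body lets a revoked cert through
    if status is OCSPResponseStatus.SUCCESSFUL and response_bytes is not None:
        return Verdict.CHECK_STATUS
    return fallback      # fail-open: responder says tryLater/internalError, cert still gets in
```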

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Complexity: MEDIUM
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Affected Products

Vendor   Product         Versions
Apache   Tomcat Native   1.1.23, 1.1.24, 1.1.25, 1.1.26, 1.1.27, 1.1.28, 1.1.29, 1.1.30, 1.1.31, 1.1.32, 1.1.33, 1.1.34, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.2.15, 1.2.16
Debian   Debian Linux    8.0

Vendor Advisories

Synopsis: Important: Red Hat JBoss Web Server 3.1.0 Service Pack 4 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this release as ...
Synopsis: Important: Red Hat JBoss Web Server 3.1.0 Service Pack 4 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Web Server 3.1. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulner ...
When using an OCSP responder, Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. Users not using OCSP checks are not affected ...

References