DEBIAN-CVE-2018-8019

DEBIAN-CVE-2018-8019 PUBLISHED CVSS 7.400000095367432 HIGH

When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. Users not using OCSP checks are not affected by this vulnerability.

Risk Scores

CVSS v3.0

7.400000095367432

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products

Vendor	Product	Versions
Debian:13	tomcat-native	0, 0, 0
Debian:14	tomcat-native	0, 0, 0
Debian:12	tomcat-native	0, 0, 0
Debian:11	tomcat-native	0, 0, 0

Timeline

Jul 31, 2018 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2018-8019 advisory

Open in Interactive Console →