THREATINT
PUBLISHED

CVE-2018-8034



Description

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.

Reserved 2018-03-09 | Published 2018-08-01 | Updated 2024-10-21 | Assigner apache

Problem types

Security Constraint Bypass

Product status

9.0.0.M1 to 9.0.9: affected

8.5.0 to 8.5.31: affected

8.0.0.RC1 to 8.0.52: affected

7.0.35 to 7.0.88: affected

References

usn.ubuntu.com/3723-1/ (USN-3723-1) vendor-advisory

mail-archives.us.apache.org/....GA70283@minotaur.apache.org> ([www-announce] 20180722 [SECURITY] CVE-2018-8034 Apache Tomcat - Security Constraint Bypass) mailing-list

access.redhat.com/errata/RHSA-2019:0451 (RHSA-2019:0451) vendor-advisory

lists.debian.org/debian-lts-announce/2018/07/msg00047.html ([debian-lts-announce] 20180730 [SECURITY] [DLA 1453-1] tomcat7 security update) mailing-list

www.debian.org/security/2018/dsa-4281 (DSA-4281) vendor-advisory

www.securitytracker.com/id/1041374 (1041374) vdb-entry

security.netapp.com/advisory/ntap-20180817-0001/

access.redhat.com/errata/RHSA-2019:0131 (RHSA-2019:0131) vendor-advisory

www.oracle.com/.../security-advisory/cpuoct2018-4428296.html

access.redhat.com/errata/RHSA-2019:0130 (RHSA-2019:0130) vendor-advisory

access.redhat.com/errata/RHSA-2019:0450 (RHSA-2019:0450) vendor-advisory

lists.debian.org/debian-lts-announce/2018/09/msg00001.html ([debian-lts-announce] 20180902 [SECURITY] [DLA 1491-1] tomcat8 security update) mailing-list

www.securityfocus.com/bid/104895 (104895) vdb-entry

lists.apache.org/...a7697f3daa314b04@ ([tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/) mailing-list

lists.apache.org/...9e81d45c4f8d0551@ ([tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/) mailing-list

lists.apache.org/...e3c7eb131457f708@ ([tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/) mailing-list

lists.apache.org/...b131ab0818644cdb@ ([tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/) mailing-list

lists.apache.org/...29e16ea9f83bbedc@ ([tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/) mailing-list

lists.apache.org/...a77493745af9a17a@ ([tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/) mailing-list

lists.apache.org/...557bb32b7f793661@ ([tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/) mailing-list

lists.apache.org/...d85f34c1f5c77424@ ([tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/) mailing-list

lists.apache.org/...55adcefa0532e5ba@ ([tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/) mailing-list

lists.apache.org/...4f988315086931d7@ ([tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/) mailing-list

lists.apache.org/...1d3b77b8c7cb61b3@ ([tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/) mailing-list

www.oracle.com/.../security-advisory/cpuapr2019-5072813.html

access.redhat.com/errata/RHSA-2019:1160 (RHSA-2019:1160) vendor-advisory

access.redhat.com/errata/RHSA-2019:1162 (RHSA-2019:1162) vendor-advisory

access.redhat.com/errata/RHSA-2019:1159 (RHSA-2019:1159) vendor-advisory

access.redhat.com/errata/RHSA-2019:1161 (RHSA-2019:1161) vendor-advisory

access.redhat.com/errata/RHSA-2019:1529 (RHSA-2019:1529) vendor-advisory

www.oracle.com/.../security-advisory/cpujul2019-5072835.html

lists.apache.org/...e7af9c22db4@ ([activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.) mailing-list

access.redhat.com/errata/RHSA-2019:2205 (RHSA-2019:2205) vendor-advisory

www.oracle.com/.../security-advisory/cpuoct2019-5072832.html

access.redhat.com/errata/RHSA-2019:3892 (RHSA-2019:3892) vendor-advisory

lists.apache.org/...1247da2b7429d5d9@ ([tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/) mailing-list

lists.apache.org/...fa581a225834d97d@ ([tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/) mailing-list

lists.apache.org/...5578c3a2cbe5d19c@ ([tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/) mailing-list

lists.apache.org/...3d8106b115ee279a@ ([tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/) mailing-list

lists.apache.org/...53788099ea14caf0@ ([tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/) mailing-list

www.oracle.com/security-alerts/cpuapr2020.html

cve.org (CVE-2018-8034)

nvd.nist.gov (CVE-2018-8034)
