We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
Reserved 2018-03-09 | Published 2018-08-01 | Updated 2024-10-21 | Assigner apacheSecurity Constraint Bypass
usn.ubuntu.com/3723-1/ (USN-3723-1)
mail-archives.us.apache.org/....GA70283@minotaur.apache.org> ([www-announce] 20180722 [SECURITY] CVE-2018-8034 Apache Tomcat - Security Constraint Bypass)
access.redhat.com/errata/RHSA-2019:0451 (RHSA-2019:0451)
lists.debian.org/debian-lts-announce/2018/07/msg00047.html ([debian-lts-announce] 20180730 [SECURITY] [DLA 1453-1] tomcat7 security update)
www.debian.org/security/2018/dsa-4281 (DSA-4281)
www.securitytracker.com/id/1041374 (1041374)
security.netapp.com/advisory/ntap-20180817-0001/
access.redhat.com/errata/RHSA-2019:0131 (RHSA-2019:0131)
www.oracle.com/.../security-advisory/cpuoct2018-4428296.html
access.redhat.com/errata/RHSA-2019:0130 (RHSA-2019:0130)
access.redhat.com/errata/RHSA-2019:0450 (RHSA-2019:0450)
lists.debian.org/debian-lts-announce/2018/09/msg00001.html ([debian-lts-announce] 20180902 [SECURITY] [DLA 1491-1] tomcat8 security update)
www.securityfocus.com/bid/104895 (104895)
lists.apache.org/...a7697f3daa314b04@
lists.apache.org/...9e81d45c4f8d0551@
lists.apache.org/...e3c7eb131457f708@
lists.apache.org/...b131ab0818644cdb@
lists.apache.org/...29e16ea9f83bbedc@
lists.apache.org/...a77493745af9a17a@
lists.apache.org/...557bb32b7f793661@
lists.apache.org/...d85f34c1f5c77424@
lists.apache.org/...55adcefa0532e5ba@
lists.apache.org/...4f988315086931d7@
lists.apache.org/...1d3b77b8c7cb61b3@
www.oracle.com/.../security-advisory/cpuapr2019-5072813.html
access.redhat.com/errata/RHSA-2019:1160 (RHSA-2019:1160)
access.redhat.com/errata/RHSA-2019:1162 (RHSA-2019:1162)
access.redhat.com/errata/RHSA-2019:1159 (RHSA-2019:1159)
access.redhat.com/errata/RHSA-2019:1161 (RHSA-2019:1161)
access.redhat.com/errata/RHSA-2019:1529 (RHSA-2019:1529)
www.oracle.com/.../security-advisory/cpujul2019-5072835.html
lists.apache.org/...e7af9c22db4@
access.redhat.com/errata/RHSA-2019:2205 (RHSA-2019:2205)
www.oracle.com/.../security-advisory/cpuoct2019-5072832.html
access.redhat.com/errata/RHSA-2019:3892 (RHSA-2019:3892)
lists.apache.org/...1247da2b7429d5d9@
lists.apache.org/...fa581a225834d97d@
lists.apache.org/...5578c3a2cbe5d19c@
lists.apache.org/...3d8106b115ee279a@
lists.apache.org/...53788099ea14caf0@
www.oracle.com/security-alerts/cpuapr2020.html
Support options