Vulnerabilities > Apache > Tomcat Native

DATE CVE VULNERABILITY TITLE RISK
2018-07-31 CVE-2018-8020 Improper Certificate Validation vulnerability in multiple products
Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists (multiple entries) of certificate statuses.
network
high complexity
debian apache CWE-295
7.4
2018-07-31 CVE-2018-8019 Improper Certificate Validation vulnerability in multiple products
When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses.
network
high complexity
debian apache CWE-295
7.4
2018-01-31 CVE-2017-15698 Improper Certificate Validation vulnerability in multiple products
When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes.
network
high complexity
apache debian CWE-295
5.9