CVE-2026-24734
- EPSS 0.11%
- Veröffentlicht 17.02.2026 18:53:12
- Zuletzt bearbeitet 11.03.2026 16:16:29
Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verification or freshness checks on the OCSP response whic...
CVE-2018-8019
- EPSS 0.85%
- Veröffentlicht 31.07.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 04:13:06
When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authe...
CVE-2018-8020
- EPSS 1.5%
- Veröffentlicht 31.07.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 04:13:06
Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists (multiple entries) of certificate statuses. Subsequently, revoked client certificates may not be properly i...
CVE-2017-15698
- EPSS 0.43%
- Veröffentlicht 31.01.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:15:01
When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It wa...