Apache Tomcat Native Connector CVE-2018-8019 Remote Security Vulnerability

Bugtraq ID:	104936
Class:	Design Error
CVE:	CVE-2018-8019
Remote:	Yes
Local:	No
Published:	Jul 21 2018 12:00AM
Updated:	Nov 08 2018 05:00AM
Credit:	The vendor reported this issue.
Vulnerable:	Bluecoat Content Analysis 2.3 Bluecoat Content Analysis 2.2 Apache Tomcat Native Library 1.2.16 Apache Tomcat Native Library 1.2 Apache Tomcat Native Library 1.1.34 Apache Tomcat Native Library 1.1.30 Apache Tomcat Native Library 1.1.29 Apache Tomcat Native Library 1.1.24 Apache Tomcat Native Library 1.1.23
Not Vulnerable:	Apache Tomcat Native Library 1.2.17

Apache Tomcat Native Connector CVE-2018-8019 Remote Security Vulnerability

Apache Tomcat Native Connector is prone to a remote security vulnerability.

An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks.

Tomcat Native 1.2.0 through 1.2.16, and 1.1.23 through 1.1.34 are vulnerable.

Apache Tomcat Native Connector CVE-2018-8019 Remote Security Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Apache Tomcat Native Connector CVE-2018-8019 Remote Security Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Apache Tomcat Native Connector CVE-2018-8019 Remote Security Vulnerability

References:

• Apache Homepage (Apache)
  
• CVE-2018-8019 Apache Tomcat Native Connector - Mishandled OCSP invalid response (Apache)
  
• SYMSA1463: Apache Tomcat Vulnerabilities Jan-Aug 2018 (Symantec)