CVE-2018-8034 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADP	ADP	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 95%

Affected Products (NVD)

Vendor	Product	Version
apache	tomcat	7.0.35 ≤ 𝑥 ≤ 7.0.88
apache	tomcat	8.0.0 ≤ 𝑥 ≤ 8.0.52
apache	tomcat	8.5.0 ≤ 𝑥 ≤ 8.5.31
apache	tomcat	9.0.1 ≤ 𝑥 ≤ 9.0.9
apache	tomcat	8.0.0:rc1
apache	tomcat	8.0.0:rc10
apache	tomcat	8.0.0:rc2
apache	tomcat	8.0.0:rc3
apache	tomcat	8.0.0:rc4
apache	tomcat	8.0.0:rc5
apache	tomcat	8.0.0:rc6
apache	tomcat	8.0.0:rc7
apache	tomcat	8.0.0:rc8
apache	tomcat	8.0.0:rc9
apache	tomcat	9.0.0:milestone1
apache	tomcat	9.0.0:milestone10
apache	tomcat	9.0.0:milestone11
apache	tomcat	9.0.0:milestone12
apache	tomcat	9.0.0:milestone13
apache	tomcat	9.0.0:milestone14
apache	tomcat	9.0.0:milestone15
apache	tomcat	9.0.0:milestone16
apache	tomcat	9.0.0:milestone17
apache	tomcat	9.0.0:milestone18
apache	tomcat	9.0.0:milestone19
apache	tomcat	9.0.0:milestone2
apache	tomcat	9.0.0:milestone20
apache	tomcat	9.0.0:milestone21
apache	tomcat	9.0.0:milestone22
apache	tomcat	9.0.0:milestone23
apache	tomcat	9.0.0:milestone24
apache	tomcat	9.0.0:milestone25
apache	tomcat	9.0.0:milestone26
apache	tomcat	9.0.0:milestone27
apache	tomcat	9.0.0:milestone3
apache	tomcat	9.0.0:milestone4
apache	tomcat	9.0.0:milestone5
apache	tomcat	9.0.0:milestone6
apache	tomcat	9.0.0:milestone7
apache	tomcat	9.0.0:milestone8
apache	tomcat	9.0.0:milestone9
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
debian	debian_linux	8.0
debian	debian_linux	9.0
oracle	retail_order_broker	5.1
oracle	retail_order_broker	5.2
oracle	retail_order_broker	15.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

tomcat9

bookworm	9.0.70-2 fixed
bullseye	9.0.43-2~deb11u10 fixed
bullseye (security)	9.0.43-2~deb11u10 fixed
sid	9.0.95-1 fixed
trixie	9.0.95-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

tomcat7

bionic	not-affected
cosmic	not-affected
disco	dne
eoan	dne
focal	dne
groovy	dne
hirsute	dne
impish	dne
jammy	dne
mantic	dne
noble	dne
trusty	Fixed 7.0.52-1ubuntu0.15 released
xenial	needed

tomcat8

bionic	Fixed 8.5.39-1ubuntu1~18.04.1 released
cosmic	not-affected
disco	dne
eoan	dne
focal	dne
groovy	dne
hirsute	dne
impish	dne
jammy	dne
mantic	dne
noble	dne
trusty	dne
xenial	Fixed 8.0.32-1ubuntu1.7 released

tomcat8.0

bionic	dne
cosmic	dne
disco	dne
eoan	dne
focal	dne
groovy	dne
hirsute	dne
impish	dne
jammy	dne
mantic	dne
noble	dne
trusty	dne
xenial	dne

Common Weakness Enumeration

CWE-295 - Improper Certificate Validation
The software does not validate, or incorrectly validates, a certificate.

References

http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283%40minotaur.apache.org%3E

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.securityfocus.com/bid/104895

http://www.securitytracker.com/id/1041374

https://access.redhat.com/errata/RHSA-2019:0130

https://access.redhat.com/errata/RHSA-2019:0131

https://access.redhat.com/errata/RHSA-2019:0450

https://access.redhat.com/errata/RHSA-2019:0451

https://access.redhat.com/errata/RHSA-2019:1159

https://access.redhat.com/errata/RHSA-2019:1160

https://access.redhat.com/errata/RHSA-2019:1161

https://access.redhat.com/errata/RHSA-2019:1162

https://access.redhat.com/errata/RHSA-2019:1529

https://access.redhat.com/errata/RHSA-2019:2205

https://access.redhat.com/errata/RHSA-2019:3892

https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E

https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E

https://lists.debian.org/debian-lts-announce/2018/07/msg00047.html

https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html

https://security.netapp.com/advisory/ntap-20180817-0001/

https://usn.ubuntu.com/3723-1/

https://www.debian.org/security/2018/dsa-4281

https://www.oracle.com/security-alerts/cpuapr2020.html

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283%40minotaur.apache.org%3E

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.securityfocus.com/bid/104895

http://www.securitytracker.com/id/1041374

https://access.redhat.com/errata/RHSA-2019:0130

https://access.redhat.com/errata/RHSA-2019:0131

https://access.redhat.com/errata/RHSA-2019:0450

https://access.redhat.com/errata/RHSA-2019:0451

https://access.redhat.com/errata/RHSA-2019:1159

https://access.redhat.com/errata/RHSA-2019:1160

https://access.redhat.com/errata/RHSA-2019:1161

https://access.redhat.com/errata/RHSA-2019:1162

https://access.redhat.com/errata/RHSA-2019:1529

https://access.redhat.com/errata/RHSA-2019:2205

https://access.redhat.com/errata/RHSA-2019:3892

https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E

https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E

https://lists.debian.org/debian-lts-announce/2018/07/msg00047.html

https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html

https://security.netapp.com/advisory/ntap-20180817-0001/

https://usn.ubuntu.com/3723-1/

https://www.debian.org/security/2018/dsa-4281

https://www.oracle.com/security-alerts/cpuapr2020.html

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html