vulnerability

Amazon Linux AMI: CVE-2018-8034: Security patch for tomcat8 ((Multiple Advisories))

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Aug 1, 2018
Added
Aug 11, 2018
Modified
Apr 16, 2020

Description

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.

Solution(s)

amazon-linux-upgrade--tomcat80amazon-linux-upgrade-tomcat7amazon-linux-upgrade-tomcat8
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.