vulnerability
CentOS Linux: CVE-2018-8034: Important: pki-deps:10.6 security update (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Aug 1, 2018 | Aug 28, 2019 | May 25, 2023 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Aug 1, 2018
Added
Aug 28, 2019
Modified
May 25, 2023
Description
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
Solutions
centos-upgrade-apache-commons-collectionscentos-upgrade-apache-commons-langcentos-upgrade-bea-stax-apicentos-upgrade-glassfish-fastinfosetcentos-upgrade-glassfish-jaxb-apicentos-upgrade-glassfish-jaxb-corecentos-upgrade-glassfish-jaxb-runtimecentos-upgrade-glassfish-jaxb-txw2centos-upgrade-jackson-annotationscentos-upgrade-jackson-corecentos-upgrade-jackson-databindcentos-upgrade-jackson-jaxrs-json-providercentos-upgrade-jackson-jaxrs-providerscentos-upgrade-jackson-module-jaxb-annotationscentos-upgrade-jakarta-commons-httpclientcentos-upgrade-javassistcentos-upgrade-javassist-javadoccentos-upgrade-pki-servlet-4-0-apicentos-upgrade-pki-servlet-containercentos-upgrade-python-nss-debugsourcecentos-upgrade-python-nss-doccentos-upgrade-python3-nsscentos-upgrade-python3-nss-debuginfocentos-upgrade-relaxngdatatypecentos-upgrade-resteasycentos-upgrade-slf4jcentos-upgrade-slf4j-jdk14centos-upgrade-stax-excentos-upgrade-tomcatcentos-upgrade-tomcat-admin-webappscentos-upgrade-tomcat-docs-webappcentos-upgrade-tomcat-el-2-2-apicentos-upgrade-tomcat-javadoccentos-upgrade-tomcat-jsp-2-2-apicentos-upgrade-tomcat-jsvccentos-upgrade-tomcat-libcentos-upgrade-tomcat-servlet-3-0-apicentos-upgrade-tomcat-webappscentos-upgrade-velocitycentos-upgrade-xalan-j2centos-upgrade-xerces-j2centos-upgrade-xml-commons-apiscentos-upgrade-xml-commons-resolvercentos-upgrade-xmlstreambuffercentos-upgrade-xsom
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.