Rapid7 Vulnerability & Exploit Database

Oracle Linux: CVE-2018-8034: ELSA-2019-2205: tomcat security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)

Free InsightVM Trial No Credit Card Necessary

2024 Attack Intel Report Latest research by Rapid7 Labs

Back to Search

Oracle Linux: CVE-2018-8034: ELSA-2019-2205: tomcat security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

07/22/2018

Created

08/15/2019

Added

08/15/2019

Modified

07/22/2024

Description

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.

Solution(s)

oracle-linux-upgrade-apache-commons-collections
oracle-linux-upgrade-apache-commons-lang
oracle-linux-upgrade-bea-stax-api
oracle-linux-upgrade-glassfish-fastinfoset
oracle-linux-upgrade-glassfish-jaxb-api
oracle-linux-upgrade-glassfish-jaxb-core
oracle-linux-upgrade-glassfish-jaxb-runtime
oracle-linux-upgrade-glassfish-jaxb-txw2
oracle-linux-upgrade-jackson-annotations
oracle-linux-upgrade-jackson-core
oracle-linux-upgrade-jackson-databind
oracle-linux-upgrade-jackson-jaxrs-json-provider
oracle-linux-upgrade-jackson-jaxrs-providers
oracle-linux-upgrade-jackson-module-jaxb-annotations
oracle-linux-upgrade-jakarta-commons-httpclient
oracle-linux-upgrade-javassist
oracle-linux-upgrade-javassist-javadoc
oracle-linux-upgrade-kernel-uek-devel
oracle-linux-upgrade-kernel-uek-tools-libs
oracle-linux-upgrade-pki-servlet-4-0-api
oracle-linux-upgrade-pki-servlet-container
oracle-linux-upgrade-python3-nss
oracle-linux-upgrade-python-nss-doc
oracle-linux-upgrade-relaxngdatatype
oracle-linux-upgrade-resteasy
oracle-linux-upgrade-slf4j
oracle-linux-upgrade-slf4j-jdk14
oracle-linux-upgrade-stax-ex
oracle-linux-upgrade-tomcat
oracle-linux-upgrade-tomcat-admin-webapps
oracle-linux-upgrade-tomcat-docs-webapp
oracle-linux-upgrade-tomcat-el-2-2-api
oracle-linux-upgrade-tomcat-javadoc
oracle-linux-upgrade-tomcat-jsp-2-2-api
oracle-linux-upgrade-tomcat-jsvc
oracle-linux-upgrade-tomcat-lib
oracle-linux-upgrade-tomcat-servlet-3-0-api
oracle-linux-upgrade-tomcat-webapps
oracle-linux-upgrade-velocity
oracle-linux-upgrade-xalan-j2
oracle-linux-upgrade-xerces-j2
oracle-linux-upgrade-xml-commons-apis
oracle-linux-upgrade-xml-commons-resolver
oracle-linux-upgrade-xmlstreambuffer
oracle-linux-upgrade-xsom

References

https://attackerkb.com/topics/cve-2018-8034
CVE - 2018-8034
ELSA-2019-2205
ELSA-2019-1529

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Oracle Linux: CVE-2018-8034: ELSA-2019-2205: tomcat security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)

Oracle Linux: CVE-2018-8034: ELSA-2019-2205: tomcat security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.