High severity 7.4 · NVD Advisory · Published Jul 31, 2018 · Updated Jun 17, 2026
CVE-2018-8019
Description
When using an OCSP responder, Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. Users not using OCSP checks are not affected by this vulnerability.
Affected products (4)
1.2.0 <= x <= 1.2.16, 1.1.23 <= x <= 1.1.34 (+ 1 more)
- (no CPE) range: 1.2.0 <= x <= 1.2.16, 1.1.23 <= x <= 1.1.34
- (no CPE) range: 1.2.0 to 1.2.16
- osv-coords (2 versions): pkg:rpm/suse/libtcnative-1-0&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3, pkg:rpm/suse/libtcnative-1-0&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS
< 1.3.4-12.5.5.2 (+ 1 more)
- (no CPE) range: < 1.3.4-12.5.5.2
- (no CPE) range: < 1.3.4-12.5.5.2
References (10)
- mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180721095943.GA24320%40minotaur.apache.org%3E (nvd: Mitigation, Vendor Advisory)
- www.securityfocus.com/bid/104936 (nvd: Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1041507 (nvd: Third Party Advisory, VDB Entry)
- access.redhat.com/errata/RHSA-2018:2469 (nvd: Third Party Advisory)
- access.redhat.com/errata/RHSA-2018:2470 (nvd: Third Party Advisory)
- lists.debian.org/debian-lts-announce/2018/08/msg00023.html (nvd: Third Party Advisory)
- lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E (nvd)
- lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E (nvd)
- lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E (nvd)
- lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E (nvd)