High severity 7.4 · NVD Advisory · Published Jul 31, 2018 · Updated Jun 17, 2026
CVE-2018-8020
Description
Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists (multiple entries) of certificate statuses. Subsequently, revoked client certificates may not be properly identified, allowing for users to authenticate with revoked certificates to connections that require mutual TLS. Users not using OCSP checks are not affected by this vulnerability.
Affected products
4 · >=1.1.23 <=1.1.34, >=1.2.0 <=1.2.16 · + 1 more
- (no CPE) range: >=1.1.23 <=1.1.34, >=1.2.0 <=1.2.16
- (no CPE) range: 1.2.0 to 1.2.16
- osv-coords, 2 versions:
  - pkg:rpm/suse/libtcnative-1-0&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3
  - pkg:rpm/suse/libtcnative-1-0&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

< 1.3.4-12.5.5.2 · + 1 more
- (no CPE) range: < 1.3.4-12.5.5.2
- (no CPE) range: < 1.3.4-12.5.5.2
References (13)
- www.securityfocus.com/bid/104934 (nvd: Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1041507 (nvd: Third Party Advisory, VDB Entry)
- access.redhat.com/errata/RHSA-2018:2469 (nvd: Third Party Advisory)
- access.redhat.com/errata/RHSA-2018:2470 (nvd: Third Party Advisory)
- lists.debian.org/debian-lts-announce/2018/08/msg00023.html (nvd: Mailing List, Third Party Advisory)
- mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180721101944.GA45239%40minotaur.apache.org%3E (nvd)
- lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E (nvd)
- lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E (nvd)
- lists.apache.org/thread.html/r831e0548fad736a98140d0b3b7dc575af0c50faea0b266434ba813cc%40%3Cdev.rocketmq.apache.org%3E (nvd)
- lists.apache.org/thread.html/rb25b42f666d2cac5e6e6b3f771faf60d1f1aa58073dcdd8db14edf8a%40%3Cdev.rocketmq.apache.org%3E (nvd)
- lists.apache.org/thread.html/rcddf723a4b4117f8ed6042e9ac25e8c5110a617bab77694b61b14833%40%3Cdev.rocketmq.apache.org%3E (nvd)
- lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E (nvd)
- lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E (nvd)