VYPR

rpm package

suse/libtcnative-1-0&distro=SUSE Linux Enterprise Point of Sale 11 SP3

pkg:rpm/suse/libtcnative-1-0&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3

Vulnerabilities (3)

  • CVE-2018-8020HigJul 31, 2018
    affected < 1.3.4-12.5.5.2fixed 1.3.4-12.5.5.2

    Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists (multiple entries) of certificate statuses. Subsequently, revoked client certificates may not be properly identified, allowing for users

  • CVE-2018-8019HigJul 31, 2018
    affected < 1.3.4-12.5.5.2fixed 1.3.4-12.5.5.2

    When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certifica

  • CVE-2017-15698MedJan 31, 2018
    affected < 1.3.4-12.5.5.2fixed 1.3.4-12.5.5.2

    When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for clien