Bug 1607580 (CVE-2018-8034)
Summary: | CVE-2018-8034 tomcat: Host name verification missing in WebSocket client | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | aileenc, alazarot, alee, anstephe, avibelli, bgeorges, bmaxwell, cdewolf, chazlett, cmoulliard, coolsvap, csutherl, darran.lofthouse, dimitris, dosoudil, drieden, etirelli, fgavrilo, gvarsami, gzaronik, hhorak, ibek, ikanello, ivan.afonichev, java-sig-commits, jawilson, jbalunas, jclere, jcoleman, jdoyle, jolee, jondruse, jorton, jpallich, jschatte, jshepherd, jstastny, kconner, krathod, krzysztof.daniel, ksuzumur, kverlaen, ldimaggi, lgao, loleary, lpetrovi, lthon, mbabacek, mizdebsk, mszynkie, myarboro, nwallace, paradhya, pgallagh, pgier, pjurak, ppalaga, psakar, pslavice, rhcs-maint, rnetuka, rrajasek, rruss, rstancel, rsvoboda, rsynek, rwagner, rzhang, sdaley, spinder, sstavrev, tcunning, theute, tkirby, trogers, twalsh, vhalbert, vtunka, weli, yozone |
Target Milestone: | --- | Keywords: | Security |
Hardware: | All | ||
OS: | Linux | ||
Fixed In Version: | tomcat 8.0.53, tomcat 8.5.32, tomcat 9.0.10, tomcat 7.0.90 | Doc Type: | If docs needed, set a value |
Last Closed: | 2019-06-10 10:33:56 UTC | Type: | --- |
Bug Depends On: | 1607586, 1607587, 1608605, 1608606, 1608609, 1608653, 1608654, 1658846, 1711341 | ||
Bug Blocks: | 1607593 |
Description
Pedro Sampaio
2018-07-23 19:15:58 UTC
Created tomcat tracking bugs for this issue:

Affects: epel-all [bug 1607587]
Affects: fedora-all [bug 1607586]

Tomcat 7.0.35 to 7.0.88.

Statement:

Tomcat 6, and Red Hat products shipping it, are not affected by this CVE. Tomcat 7, 8, and 9, as well as Red Hat Products shipping them, are affected. Affected products, including Red Hat JBoss Web Server 3 and 5, Enterprise Application Server 6, and Fuse 7, may provide fixes for this issue in a future release.

This issue has been addressed in the following products:

  Red Hat JBoss Web Server

Via RHSA-2019:0130 https://access.redhat.com/errata/RHSA-2019:0130

This issue has been addressed in the following products:

  Red Hat JBoss Web Server 3 for RHEL 6
  Red Hat JBoss Web Server 3 for RHEL 7

Via RHSA-2019:0131 https://access.redhat.com/errata/RHSA-2019:0131

This issue has been addressed in the following products:

  Red Hat JBoss Web Server

Via RHSA-2019:0450 https://access.redhat.com/errata/RHSA-2019:0450

This issue has been addressed in the following products:

  Red Hat JBoss Web Server 5.0 on RHEL 6
  Red Hat JBoss Web Server 5.0 on RHEL 7

Via RHSA-2019:0451 https://access.redhat.com/errata/RHSA-2019:0451

This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5

Via RHSA-2019:1159 https://access.redhat.com/errata/RHSA-2019:1159

This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7

Via RHSA-2019:1161 https://access.redhat.com/errata/RHSA-2019:1161

This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6

Via RHSA-2019:1160 https://access.redhat.com/errata/RHSA-2019:1160

This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2019:1162 https://access.redhat.com/errata/RHSA-2019:1162

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:1529 https://access.redhat.com/errata/RHSA-2019:1529

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:2205 https://access.redhat.com/errata/RHSA-2019:2205

This issue has been addressed in the following products:

  Red Hat Fuse 7.5.0

Via RHSA-2019:3892 https://access.redhat.com/errata/RHSA-2019:3892