Flaw affecting Tomcat 8.0.0.RC1 to 8.0.52 and 9.0.0.M1 to 9.0.9. The host name verification when using TLS with the WebSocket client was not enabled by default.

Upstream patch:
http://svn.apache.org/viewvc?view=revision&revision=1833757
http://svn.apache.org/viewvc?view=rev&rev=1833759

References:
https://tomcat.apache.org/security-8.html
https://tomcat.apache.org/security-9.html
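Added example, not part of the original report and not Tomcat's own code: a plain JSSE illustration of the flaw class described above, showing how a client can check whether a TLS engine will match the server certificate against the host name and how to turn that check on. The class name, helper names and the `ws.example.test` endpoint are assumptions made for illustration.

```java
import java.net.URI;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class WssHostnameCheck {

    /** True only if JSSE will match the peer certificate against the host name. */
    static boolean verifiesHostName(SSLEngine engine) {
        String alg = engine.getSSLParameters().getEndpointIdentificationAlgorithm();
        return alg != null && !alg.isEmpty();
    }

    /** Client engine for a wss:// URI with host name checking turned on. */
    static SSLEngine hardenedEngine(SSLContext ctx, URI wss) {
        int port = wss.getPort() == -1 ? 443 : wss.getPort();
        // The peer host passed here is the name the certificate is matched against.
        SSLEngine engine = ctx.createSSLEngine(wss.getHost(), port);
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        // "HTTPS" selects HTTPS-style (RFC 2818) host name matching during the handshake.
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        return engine;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        SSLContext ctx = SSLContext.getDefault();
        URI target = URI.create("wss://ws.example.test/feed"); // constructed sample endpoint

        // An engine left at its defaults validates the chain but not the name.
        SSLEngine plain = ctx.createSSLEngine(target.getHost(), 443);
        plain.setUseClientMode(true);
        System.out.println("default engine verifies host name:  " + verifiesHostName(plain));

        SSLEngine hardened = hardenedEngine(ctx, target);
        System.out.println("hardened engine verifies host name: " + verifiesHostName(hardened));

        // Fail closed: refuse to connect if the check is not active.
        if (!verifiesHostName(hardened)) {
            throw new IllegalStateException("host name verification is off");
        }
    }
}
```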
Created tomcat tracking bugs for this issue:

Affects: epel-all [bug 1607587]
Affects: fedora-all [bug 1607586]
Tomcat 7.0.35 to 7.0.88.
Statement: Tomcat 6, and Red Hat products shipping it, are not affected by this CVE. Tomcat 7, 8, and 9, as well as Red Hat Products shipping them, are affected. Affected products, including Red Hat JBoss Web Server 3 and 5, Enterprise Application Server 6, and Fuse 7, may provide fixes for this issue in a future release.
This issue has been addressed in the following products: Red Hat JBoss Web Server Via RHSA-2019:0130 https://access.redhat.com/errata/RHSA-2019:0130
This issue has been addressed in the following products: Red Hat JBoss Web Server 3 for RHEL 6 Red Hat JBoss Web Server 3 for RHEL 7 Via RHSA-2019:0131 https://access.redhat.com/errata/RHSA-2019:0131
This issue has been addressed in the following products: Red Hat JBoss Web Server Via RHSA-2019:0450 https://access.redhat.com/errata/RHSA-2019:0450
This issue has been addressed in the following products: Red Hat JBoss Web Server 5.0 on RHEL 6 Red Hat JBoss Web Server 5.0 on RHEL 7 Via RHSA-2019:0451 https://access.redhat.com/errata/RHSA-2019:0451
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Via RHSA-2019:1159 https://access.redhat.com/errata/RHSA-2019:1159
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Via RHSA-2019:1161 https://access.redhat.com/errata/RHSA-2019:1161
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Via RHSA-2019:1160 https://access.redhat.com/errata/RHSA-2019:1160
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2019:1162 https://access.redhat.com/errata/RHSA-2019:1162
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:1529 https://access.redhat.com/errata/RHSA-2019:1529
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2205 https://access.redhat.com/errata/RHSA-2019:2205
This issue has been addressed in the following products: Red Hat Fuse 7.5.0 Via RHSA-2019:3892 https://access.redhat.com/errata/RHSA-2019:3892