Apache Tomcat Native security updates

The Apache Software Foundation has released security updates to address multiple vulnerabilities in Apache Tomcat Native.

Two vulnerabilities were fixed in Apache Tomcat Native Connector 1.2.17 – Mishandled OCSP invalid response (CVE-2018-8019) and Mishandled OCSP responses can allow clients to authenticate with revoked certificates (CVE-2018-8020). 

Another moderate vulnerability, OCSP check omitted (CVE-2017-15698), was also fixed in Apache Tomcat Native Connector 1.2.16.

Leave a Reply

Close Menu