Security Alert (A18-08-07): Multiple Vulnerabilities in Apache Tomcat
20 August 2018
The Apache Software Foundation has released new versions of Apache Tomcat Native to address multiple vulnerabilities caused by the improper handling of invalid Online Certificate Status Protocol (OCSP) responses. The flaws may allow attackers to authenticate with revoked certificates when mutual TLS is used.
Apache Tomcat Native versions 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34
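A check for the version ranges listed above, added here as an example and not part of the original alert: it scans Tomcat startup log lines for the "Loaded ... Apache Tomcat Native library" message and flags versions inside the affected ranges. The log message wording and the sample lines are assumptions; the sample lines are constructed for illustration.

```python
import re

# Affected Apache Tomcat Native ranges as listed in this alert (inclusive).
AFFECTED_RANGES = [((1, 2, 0), (1, 2, 16)), ((1, 1, 23), (1, 1, 34))]

# Assumed startup message format: the version may or may not be in square
# brackets, and "APR based" may be absent, depending on the Tomcat release.
LOADED_RE = re.compile(
    r"Loaded (?:APR based )?Apache Tomcat Native library \[?(\d+(?:\.\d+){1,3})\]?"
)


def parse_version(text):
    """Turn '1.2.16' into (1, 2, 16); a missing component counts as 0."""
    parts = [int(p) for p in text.split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version):
    """True if the version string falls inside a range listed in the alert."""
    v = parse_version(version)
    return any(low <= v <= high for low, high in AFFECTED_RANGES)


def scan_log(lines):
    """Return (line_no, version, affected) for every library-load message."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        match = LOADED_RE.search(line)
        if match:
            version = match.group(1)
            findings.append((line_no, version, is_affected(version)))
    return findings


# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    "20-Aug-2018 09:00:01.120 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent "
    "Loaded APR based Apache Tomcat Native library [1.2.16] using APR version [1.6.3].",
    "20-Aug-2018 09:00:01.121 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent "
    "APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].",
    "INFO: Loaded APR based Apache Tomcat Native library 1.1.22 using APR version 1.4.8.",
    "INFO: Loaded APR based Apache Tomcat Native library 1.1.34 using APR version 1.4.8.",
    "INFO [main] Loaded Apache Tomcat Native library [1.2.17] using APR version [1.6.3].",
]

if __name__ == "__main__":
    for line_no, version, affected in scan_log(SAMPLE_LOG):
        status = "AFFECTED, upgrade required" if affected else "not in affected range"
        print(f"line {line_no}: Tomcat Native {version}: {status}")
```

A host that never logs this message is not loading the native library through the APR listener, so an empty result is not by itself evidence of a patched install.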
Successful exploitation of the vulnerabilities could lead to an attacker taking control of an affected system.
Administrators of affected systems should upgrade Apache Tomcat Native to address the issues. The updates are available at: