ID de Prueba:	1.3.6.1.4.1.25623.1.0.813742
Categoría:	Web Servers
Título:	Apache Tomcat 'Hostname Verification' Security Bypass Vulnerability (Windows)
Resumen:	Apache Tomcat is prone to a security bypass vulnerability.
Descripción:	Summary: Apache Tomcat is prone to a security bypass vulnerability. Vulnerability Insight: The flaw exists due to a missing host name verification when using TLS with the WebSocket client. Vulnerability Impact: Successful exploitation will allow an attacker to bypass certain security restrictions and perform unauthorized actions. Affected Software/OS: Apache Tomcat versions 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52 and 7.0.35 to 7.0.88 on Windows. Solution: Upgrade to Apache Tomcat version 9.0.10 or 8.5.32 or 8.0.53 or 7.0.90 or later. Please see the references for more information. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-8034 BugTraq ID: 104895 http://www.securityfocus.com/bid/104895 Debian Security Information: DSA-4281 (Google Search) https://www.debian.org/security/2018/dsa-4281 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E https://lists.debian.org/debian-lts-announce/2018/07/msg00047.html https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283@minotaur.apache.org%3E RedHat Security Advisories: RHSA-2019:0130 https://access.redhat.com/errata/RHSA-2019:0130 RedHat Security Advisories: RHSA-2019:0131 https://access.redhat.com/errata/RHSA-2019:0131 RedHat Security Advisories: RHSA-2019:0450 https://access.redhat.com/errata/RHSA-2019:0450 RedHat Security Advisories: RHSA-2019:0451 https://access.redhat.com/errata/RHSA-2019:0451 RedHat Security Advisories: RHSA-2019:1159 https://access.redhat.com/errata/RHSA-2019:1159 RedHat Security Advisories: RHSA-2019:1160 https://access.redhat.com/errata/RHSA-2019:1160 RedHat Security Advisories: RHSA-2019:1161 https://access.redhat.com/errata/RHSA-2019:1161 RedHat Security Advisories: RHSA-2019:1162 https://access.redhat.com/errata/RHSA-2019:1162 RedHat Security Advisories: RHSA-2019:1529 https://access.redhat.com/errata/RHSA-2019:1529 RedHat Security Advisories: RHSA-2019:2205 https://access.redhat.com/errata/RHSA-2019:2205 RedHat Security Advisories: RHSA-2019:3892 https://access.redhat.com/errata/RHSA-2019:3892 http://www.securitytracker.com/id/1041374 https://usn.ubuntu.com/3723-1/
Copyright	Copyright (C) 2018 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.