
Test ID: 1.3.6.1.4.1.25623.1.0.891276
Category: Debian Local Security Checks
Title: Debian LTS: Security Advisory for tomcat-native (DLA-1276-1)
Summary: Jonas Klempel discovered that, when parsing the AIA-Extension field of a client certificate, Apache Tomcat Native did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected (if the OCSP check had been made) to be accepted. Users not using OCSP checks are not affected by this vulnerability.
Description:
Summary:
Jonas Klempel discovered that, when parsing the AIA-Extension field of
a client certificate, Apache Tomcat Native did not correctly handle
fields longer than 127 bytes. The result of the parsing error was to
skip the OCSP check. It was therefore possible for client certificates that
should have been rejected (if the OCSP check had been made) to be
accepted. Users not using OCSP checks are not affected by this
vulnerability.

Affected Software/OS:
tomcat-native on Debian Linux

Solution:
For Debian 7 'Wheezy', these problems have been fixed in version
1.1.24-1+deb7u1.

We recommend that you upgrade your tomcat-native packages.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2017-15698
Copyright: Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net

© 1998-2024 E-Soft Inc. All rights reserved.