PublicDateAtUSN: 2018-07-24
Candidate: CVE-2018-8034
PublicDate: 2018-08-01 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8034
 https://ubuntu.com/security/notices/USN-3723-1
Description:
 The host name verification when using TLS with the WebSocket client was
 missing. It is now enabled by default. Versions Affected: Apache Tomcat
 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to
 7.0.88.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802312
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]


Patches_tomcat7:
 upstream: https://svn.apache.org/r1833760 (7.0.x)
upstream_tomcat7: released (7.0.72-3)
precise/esm_tomcat7: DNE
trusty_tomcat7: released (7.0.52-1ubuntu0.15)
trusty/esm_tomcat7: released (7.0.52-1ubuntu0.15)
xenial_tomcat7: ignored (end of standard support, was needed)
bionic_tomcat7: not-affected (7.0.78-1)
cosmic_tomcat7: not-affected
disco_tomcat7: DNE
eoan_tomcat7: DNE
focal_tomcat7: DNE
groovy_tomcat7: DNE
hirsute_tomcat7: DNE
impish_tomcat7: DNE
jammy_tomcat7: DNE
devel_tomcat7: DNE

Patches_tomcat8.0:
 upstream: https://svn.apache.org/r1833759 (8.0.x)
upstream_tomcat8.0: released (8.0.53)
precise/esm_tomcat8.0: DNE
trusty_tomcat8.0: DNE
trusty/esm_tomcat8.0: DNE
xenial_tomcat8.0: DNE
bionic_tomcat8.0: DNE
cosmic_tomcat8.0: DNE
disco_tomcat8.0: DNE
eoan_tomcat8.0: DNE
focal_tomcat8.0: DNE
groovy_tomcat8.0: DNE
hirsute_tomcat8.0: DNE
impish_tomcat8.0: DNE
jammy_tomcat8.0: DNE
devel_tomcat8.0: DNE

Patches_tomcat8:
 upstream: https://svn.apache.org/r1833758 (8.5.x)
 upstream: https://svn.apache.org/r1833759 (8.0.x)
upstream_tomcat8: released (8.5.32-1,8.0.53)
precise/esm_tomcat8: DNE
trusty_tomcat8: DNE
trusty/esm_tomcat8: DNE
xenial_tomcat8: released (8.0.32-1ubuntu1.7)
esm-infra/xenial_tomcat8: released (8.0.32-1ubuntu1.7)
bionic_tomcat8: released (8.5.39-1ubuntu1~18.04.1)
cosmic_tomcat8: not-affected (8.5.32-1ubuntu2)
disco_tomcat8: DNE
eoan_tomcat8: DNE
focal_tomcat8: DNE
groovy_tomcat8: DNE
hirsute_tomcat8: DNE
impish_tomcat8: DNE
jammy_tomcat8: DNE
devel_tomcat8: DNE