Detections
Analytics
Apache Tomcat 7.0.41 < 7.0.90 Security Bypass
high Nessus Network Monitor Plugin ID 700680
Synopsis
The remote Apache Tomcat server is affected by Security Bypass vulnerability.Description
The version of Apache Tomcat installed on the remote host is version 7.0.41 prior to 7.0.90. It is, therefore, affected by following vulnerability:- A security misconfiguration vulnerability exists in Apache Tomcat prior to version 7.0.90. Hostname validation was not enabled by default when using TLS with the WebSocket client (CVE-2018-8034)
Solution
Upgrade to Apache Tomcat version 7.0.90 or later.See Also
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.90
Plugin Details
Severity: High
ID: 700680
Family: Web Servers
Published: 5/13/2019
Updated: 5/13/2019
Nessus ID: 104203
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:apache:tomcat
Patch Publication Date: 7/7/2018
Vulnerability Publication Date: 2/12/2018
Reference Information
CVE: CVE-2018-8034
BID: 111066