QwikSec

Security Database

CVE

CWE

Training

CVE-2017-15698

Published: Jan 31, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected (if the OCSP check had been made) to be accepted. Users not using OCSP checks are not affected by this vulnerability.

Vendor	Product	Versions
Apache Software Foundation	Apache Tomcat Native	affected `1.2.0 to 1.2.14` affected `1.1.23 to 1.1.34`

References

vendor-advisory

x_refsource_DEBIAN

[debian-lts-announce] 20180211 [SECURITY] [DLA 1276-1] tomcat-native security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_REDHAT

vdb-entry

x_refsource_SECTRACK

[announce] 20180131 [SECURITY] CVE-2017-15698 Apache Tomcat Native Connector - OCSP check omitted

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_REDHAT

[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.