Oval Definition:oval:com.ubuntu.disco:def:2017156980000000
Revision Date:2018-01-31Version:1
Title:CVE-2017-15698 on Ubuntu 19.04 (disco) - medium.
Description:When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected (if the OCSP check had been made) to be accepted. Users not using OCSP checks are not affected by this vulnerability.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2017-15698
Platform(s):Ubuntu 19.04
Product(s):
Definition Synopsis
  • Ubuntu 19.04 (disco) is installed.
  • AND tomcat-native package in disco, is related to the CVE in some way and has been fixed (note: '1.2.16-1').
  • BACK