Inspiring
September 19, 2018
Question

Tomcat Vulnerability in ver 8.0.5

  • September 19, 2018
  • 1 reply
  • 649 views

Does anyone know if the most recent release of Adobe Connect is affected by the Tomcat vulnerability found in many versions, including ver 8.0.5? Tomcat 8.0.5 is included in the latest version of Connect, so I have great concern.

Here is additional info on the vulnerability and the Tomcat versions it affects:

https://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/2018/av18-121-en.aspx


    1 reply

    Thomas Gunter-Kremers
    Participating Frequently
    September 19, 2018

    9.8 included the upgrade to 8.0.50

    Adobe Connect 9.8 Release Notes

    Inspiring
    September 19, 2018

    Thanks Thomas,

    However, Tomcat version 8.0.50 is the version that has the security vulnerability.

    Inspiring
    September 20, 2018

    Here are the specific Tomcat vulnerabilities. Adobe recommends not attempting to patch Tomcat independently from Connect, as this may break the installation, so I'm not sure what to do. Notice that the affected versions include the one that comes with Adobe Connect 9.8.1.

    CVE-2018-1336

    An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.

    CVE-2018-8034

    The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
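
A way to check a bundled Tomcat version against the two affected ranges quoted in this thread, as an added example that is not part of the original posts and is not Adobe or Apache code. The function names and the sample banner string are assumptions made for illustration; the ranges are copied from the CVE text above.

```python
import re

# Affected ranges exactly as quoted in the thread (bounds are inclusive).
AFFECTED = {
    "CVE-2018-1336": [("9.0.0.M9", "9.0.7"), ("8.5.0", "8.5.30"),
                      ("8.0.0.RC1", "8.0.51"), ("7.0.28", "7.0.86")],
    "CVE-2018-8034": [("9.0.0.M1", "9.0.9"), ("8.5.0", "8.5.31"),
                      ("8.0.0.RC1", "8.0.52"), ("7.0.35", "7.0.88")],
}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-](M|RC)(\d+))?$", re.IGNORECASE)
# Pre-release ordering: milestone < release candidate < final release.
_STAGE = {"M": 0, "RC": 1, None: 2}


def parse(version):
    """Turn '8.0.50' or '9.0.0.M9' into a tuple that sorts in release order."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, stage, n = m.groups()
    stage = stage.upper() if stage else None
    return (int(major), int(minor), int(patch), _STAGE[stage], int(n or 0))


def affected_by(version):
    """Return the CVE ids whose quoted ranges contain this version."""
    v = parse(version)
    return [cve for cve, ranges in AFFECTED.items()
            if any(parse(low) <= v <= parse(high) for low, high in ranges)]


def version_from_banner(banner):
    """Pull the version out of a 'Server version: Apache Tomcat/x.y.z' line."""
    m = re.search(r"Apache Tomcat/(\S+)", banner)
    return m.group(1) if m else None


if __name__ == "__main__":
    # Constructed sample line in the format printed by Tomcat's version script.
    banner = "Server version: Apache Tomcat/8.0.50"
    found = version_from_banner(banner)
    print(found, "->", affected_by(found) or "not in the quoted ranges")
```
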