CVE-2018-1336
high-risk
Published 2018-08-02
An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder, causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.
Do I need to act?
18.6% chance of exploitation in next 30 days
EPSS score — higher than 81% of all CVEs
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10 · High
NETWORK / LOW complexity
Affected Products (20)
References (76)
Third Party Advisory: http://www.securityfocus.com/bid/104898
Third Party Advisory: http://www.securitytracker.com/id/1041375
Third Party Advisory: https://access.redhat.com/errata/RHEA-2018:2188
Third Party Advisory: https://access.redhat.com/errata/RHEA-2018:2189
Third Party Advisory: https://access.redhat.com/errata/RHSA-2018:2700
Third Party Advisory: https://access.redhat.com/errata/RHSA-2018:2701
Third Party Advisory: https://access.redhat.com/errata/RHSA-2018:2740
Third Party Advisory: https://access.redhat.com/errata/RHSA-2018:2741
Third Party Advisory: https://access.redhat.com/errata/RHSA-2018:2742
Third Party Advisory: https://access.redhat.com/errata/RHSA-2018:2743
Third Party Advisory: https://access.redhat.com/errata/RHSA-2018:2921
Third Party Advisory: https://access.redhat.com/errata/RHSA-2018:2930
Third Party Advisory: https://access.redhat.com/errata/RHSA-2018:2939
Third Party Advisory: https://access.redhat.com/errata/RHSA-2018:2945
Third Party Advisory: https://access.redhat.com/errata/RHSA-2018:3768
and 56 more references
63 / 100 · high-risk
Severity: 26/34 · High
Exploitability: 13/34 · Low
Exposure: 24/34 · High