EPSS
Percentile
87.6%
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
bugzilla.redhat.com/show_bug.cgi?id=1607580
www.cve.org/CVERecord?id=CVE-2018-8034 https://nvd.nist.gov/vuln/detail/CVE-2018-8034