[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-8020":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":28,"duplicate_of":9,"upstream":29,"downstream":30,"duplicates":43,"related":44,"reserved_at":9,"published_at":47,"modified_at":48,"state":49,"summary":50,"references_raw":59,"kevs":121,"epss":122,"epss_history":125,"metrics":385,"affected":396},"CVE-2018-8020","Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists (multiple entries) of certificate statuses. Subsequently, revoked client certificates may not be properly identified, allowing for users to authenticate with revoked certificates to connections that require mutual TLS. Users not using OCSP checks are not affected by this vulnerability.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-295","Improper Certificate Validation","The product does not validate, or incorrectly validates, a certificate.","weakness","Draft","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-459","Creating a Rogue Certification Authority Certificate",[],{"id":24,"name":25,"techniques":26},"CAPEC-475","Signature Spoofing by Improper Validation",[],[],[],[],[31,33,35,37,39,41],{"_key":32},"UBUNTU-CVE-2018-8020",{"_key":34},"SUSE-SU-2019:14014-1",{"_key":36},"DLA-1475-1",{"_key":38},"RHSA-2018:2469",{"_key":40},"MGASA-2019-0184",{"_key":42},"DEBIAN-CVE-2018-8020",[],[45,46],{"_key":34},{"_key":40},"2018-07-31T13:00:00.000Z","2024-09-17T01:20:59.717Z","Modified",{"cisa_kev":51,"cisa_ransomware":51,"cisa_vendor":9,"epss_severity":52,"epss_score":53,"severity":54,"severity_score":55,"severity_version":56,"severity_source":57,"severity_vector":58,"severity_status":49},false,"low",0.01502,"high",7.4,"v3.0","nvd","CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",[60,67,74,80,84,88,93,97,101,105,109,113,117],{"url":61,"sources":62,"tags":64},"http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180721101944.GA45239%40minotaur.apache.org%3E",[63,57],"cve.org",[65,66],"Mailing List","X Refsource MLIST",{"url":68,"sources":69,"tags":70},"https://access.redhat.com/errata/RHSA-2018:2469",[63,57],[71,72,73],"Vendor Advisory","X Refsource REDHAT","Third Party Advisory",{"url":75,"sources":76,"tags":77},"http://www.securityfocus.com/bid/104934",[63,57],[78,79,73],"VDB Entry","X Refsource BID",{"url":81,"sources":82,"tags":83},"https://lists.debian.org/debian-lts-announce/2018/08/msg00023.html",[63,57],[65,66,73],{"url":85,"sources":86,"tags":87},"https://access.redhat.com/errata/RHSA-2018:2470",[63,57],[71,72,73],{"url":89,"sources":90,"tags":91},"http://www.securitytracker.com/id/1041507",[63,57],[78,92,73],"X Refsource SECTRACK",{"url":94,"sources":95,"tags":96},"https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E",[63,57],[65,66],{"url":98,"sources":99,"tags":100},"https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E",[63,57],[65,66],{"url":102,"sources":103,"tags":104},"https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E",[63,57],[65,66],{"url":106,"sources":107,"tags":108},"https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E",[63,57],[65,66],{"url":110,"sources":111,"tags":112},"https://lists.apache.org/thread.html/r831e0548fad736a98140d0b3b7dc575af0c50faea0b266434ba813cc%40%3Cdev.rocketmq.apache.org%3E",[63,57],[65,66],{"url":114,"sources":115,"tags":116},"https://lists.apache.org/thread.html/rcddf723a4b4117f8ed6042e9ac25e8c5110a617bab77694b61b14833%40%3Cdev.rocketmq.apache.org%3E",[63,57],[65,66],{"url":118,"sources":119,"tags":120},"https://lists.apache.org/thread.html/rb25b42f666d2cac5e6e6b3f771faf60d1f1aa58073dcdd8db14edf8a%40%3Cdev.rocketmq.apache.org%3E",[63,57],[65,66],[],{"date":123,"score":53,"percentile":124},"2026-06-04",0.81476,[126,130,133,136,139,142,145,148,151,154,157,160,163,166,169,173,176,179,182,185,188,191,194,196,199,202,205,208,211,214,216,219,222,225,227,230,233,236,239,242,245,248,251,254,256,259,262,265,268,271,273,276,279,281,284,287,289,292,295,298,301,304,307,309,312,315,317,320,323,326,329,331,334,337,340,343,346,348,351,354,357,360,363,366,368,371,374,377,380,382],{"date":127,"score":128,"percentile":129},"2025-11-04",0.01582,0.8096,{"date":131,"score":128,"percentile":132},"2025-11-05",0.80962,{"date":134,"score":128,"percentile":135},"2025-11-06",0.80963,{"date":137,"score":128,"percentile":138},"2025-11-07",0.80974,{"date":140,"score":128,"percentile":141},"2025-11-08",0.80982,{"date":143,"score":128,"percentile":144},"2025-11-09",0.80979,{"date":146,"score":128,"percentile":147},"2025-11-10",0.80973,{"date":149,"score":128,"percentile":150},"2025-11-11",0.80978,{"date":152,"score":128,"percentile":153},"2025-11-12",0.8099,{"date":155,"score":128,"percentile":156},"2025-11-13",0.80996,{"date":158,"score":128,"percentile":159},"2025-11-14",0.81001,{"date":161,"score":128,"percentile":162},"2025-11-15",0.80998,{"date":164,"score":128,"percentile":165},"2025-11-16",0.80997,{"date":167,"score":128,"percentile":168},"2025-11-17",0.80995,{"date":170,"score":171,"percentile":172},"2025-11-18",0.0176,0.81111,{"date":174,"score":171,"percentile":175},"2025-11-19",0.81112,{"date":177,"score":171,"percentile":178},"2025-11-20",0.81115,{"date":180,"score":128,"percentile":181},"2025-11-21",0.81011,{"date":183,"score":128,"percentile":184},"2025-11-22",0.81015,{"date":186,"score":128,"percentile":187},"2025-11-23",0.81005,{"date":189,"score":128,"percentile":190},"2025-11-24",0.81006,{"date":192,"score":128,"percentile":193},"2025-11-25",0.81009,{"date":195,"score":128,"percentile":181},"2025-11-26",{"date":197,"score":128,"percentile":198},"2025-11-27",0.81017,{"date":200,"score":128,"percentile":201},"2025-11-28",0.81007,{"date":203,"score":128,"percentile":204},"2025-11-29",0.81014,{"date":206,"score":128,"percentile":207},"2025-11-30",0.81018,{"date":209,"score":128,"percentile":210},"2025-12-01",0.81103,{"date":212,"score":128,"percentile":213},"2025-12-02",0.81106,{"date":215,"score":128,"percentile":213},"2025-12-03",{"date":217,"score":128,"percentile":218},"2025-12-04",0.81019,{"date":220,"score":128,"percentile":221},"2025-12-05",0.81027,{"date":223,"score":128,"percentile":224},"2025-12-06",0.81028,{"date":226,"score":128,"percentile":221},"2025-12-07",{"date":228,"score":128,"percentile":229},"2025-12-08",0.81029,{"date":231,"score":128,"percentile":232},"2025-12-09",0.81044,{"date":234,"score":128,"percentile":235},"2025-12-10",0.8107,{"date":237,"score":128,"percentile":238},"2025-12-11",0.8108,{"date":240,"score":128,"percentile":241},"2025-12-12",0.81094,{"date":243,"score":128,"percentile":244},"2025-12-13",0.81093,{"date":246,"score":128,"percentile":247},"2025-12-14",0.81088,{"date":249,"score":128,"percentile":250},"2025-12-15",0.81086,{"date":252,"score":128,"percentile":253},"2025-12-16",0.81097,{"date":255,"score":128,"percentile":213},"2025-12-17",{"date":257,"score":128,"percentile":258},"2025-12-18",0.81125,{"date":260,"score":128,"percentile":261},"2025-12-19",0.81132,{"date":263,"score":128,"percentile":264},"2025-12-20",0.81126,{"date":266,"score":128,"percentile":267},"2025-12-21",0.81121,{"date":269,"score":128,"percentile":270},"2025-12-22",0.81119,{"date":272,"score":128,"percentile":267},"2025-12-23",{"date":274,"score":128,"percentile":275},"2025-12-24",0.81134,{"date":277,"score":128,"percentile":278},"2025-12-25",0.8115,{"date":280,"score":128,"percentile":278},"2025-12-26",{"date":282,"score":128,"percentile":283},"2025-12-27",0.81184,{"date":285,"score":128,"percentile":286},"2025-12-28",0.81137,{"date":288,"score":128,"percentile":275},"2025-12-29",{"date":290,"score":128,"percentile":291},"2025-12-30",0.81141,{"date":293,"score":128,"percentile":294},"2025-12-31",0.81155,{"date":296,"score":128,"percentile":297},"2026-01-01",0.81232,{"date":299,"score":128,"percentile":300},"2026-01-02",0.81225,{"date":302,"score":128,"percentile":303},"2026-01-03",0.8122,{"date":305,"score":128,"percentile":306},"2026-01-04",0.8113,{"date":308,"score":128,"percentile":258},"2026-01-05",{"date":310,"score":128,"percentile":311},"2026-01-06",0.81129,{"date":313,"score":128,"percentile":314},"2026-01-07",0.81131,{"date":316,"score":128,"percentile":291},"2026-01-08",{"date":318,"score":128,"percentile":319},"2026-01-09",0.81142,{"date":321,"score":128,"percentile":322},"2026-01-10",0.81143,{"date":324,"score":128,"percentile":325},"2026-01-11",0.81136,{"date":327,"score":128,"percentile":328},"2026-01-12",0.81127,{"date":330,"score":128,"percentile":258},"2026-01-13",{"date":332,"score":128,"percentile":333},"2026-01-14",0.81146,{"date":335,"score":128,"percentile":336},"2026-01-15",0.81149,{"date":338,"score":128,"percentile":339},"2026-01-16",0.81159,{"date":341,"score":128,"percentile":342},"2026-01-17",0.81165,{"date":344,"score":128,"percentile":345},"2026-01-18",0.81156,{"date":347,"score":128,"percentile":278},"2026-01-19",{"date":349,"score":128,"percentile":350},"2026-01-20",0.81153,{"date":352,"score":128,"percentile":353},"2026-01-21",0.8116,{"date":355,"score":128,"percentile":356},"2026-01-22",0.81169,{"date":358,"score":128,"percentile":359},"2026-01-23",0.81194,{"date":361,"score":128,"percentile":362},"2026-01-24",0.81203,{"date":364,"score":128,"percentile":365},"2026-01-25",0.81199,{"date":367,"score":128,"percentile":365},"2026-01-26",{"date":369,"score":128,"percentile":370},"2026-01-27",0.81202,{"date":372,"score":128,"percentile":373},"2026-01-28",0.812,{"date":375,"score":128,"percentile":376},"2026-01-29",0.81197,{"date":378,"score":128,"percentile":379},"2026-01-30",0.81195,{"date":381,"score":128,"percentile":362},"2026-01-31",{"date":383,"score":128,"percentile":384},"2026-02-01",0.81289,[386],{"source":57,"cvss_v2_0":387,"cvss_v3_0":392,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":388,"baseSeverity":9,"vectorString":389,"impactScore":390,"exploitabilityScore":391},4.3,"AV:N/AC:M/Au:N/C:N/I:P/A:N",2.9,8.6,{"baseScore":55,"baseSeverity":393,"vectorString":58,"impactScore":394,"exploitabilityScore":395},"HIGH",8.7,5.6,[397,408,423],{"ecosystem":9,"name":398,"vendor":399,"product":400,"cpe_part":401,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":402},"Apache Tomcat Native","apache software foundation","apache tomcat native","a",[403,406],{"version":404,"is_range":51,"range_type":63,"version_start":404,"version_start_type":405,"version_end":404,"version_end_type":405,"fixed_in":9},"1.2.0 to 1.2.16","including",{"version":407,"is_range":51,"range_type":63,"version_start":407,"version_start_type":405,"version_end":407,"version_end_type":405,"fixed_in":9},"1.1.23 to 1.1.34",{"ecosystem":9,"name":409,"vendor":410,"product":411,"cpe_part":401,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":412},"tomcat native","apache","tomcat_native",[413,419],{"version":414,"is_range":415,"range_type":416,"version_start":417,"version_start_type":405,"version_end":418,"version_end_type":405,"fixed_in":9},"gte1.1.23_lte1.1.34",true,"cpe","1.1.23","1.1.34",{"version":420,"is_range":415,"range_type":416,"version_start":421,"version_start_type":405,"version_end":422,"version_end_type":405,"fixed_in":9},"gte1.2.0_lte1.2.16","1.2.0","1.2.16",{"ecosystem":9,"name":424,"vendor":425,"product":426,"cpe_part":427,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":428},"debian linux","debian","debian_linux","o",[429],{"version":430,"is_range":51,"range_type":416,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0"]