Apache Tomcat Coyote FFM OCSP verification bypass
Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed. The vulnerable code is in the OpenSSLEngine class within the org.apache.tomcat.util.net.openssl.panama package, which is shipped in the tomcat-coyote-ffm artifact. This issue affects Apache Tomcat: from …