The Apache Software Foundation has released security updates to address multiple vulnerabilities in Apache Tomcat Native.
Two vulnerabilities were fixed in Apache Tomcat Native Connector 1.2.17 – Mishandled OCSP invalid response (CVE-2018-8019) and Mishandled OCSP responses can allow clients to authenticate with revoked certificates (CVE-2018-8020).
Another moderate vulnerability, OCSP check omitted (CVE-2017-15698), was also fixed in Apache Tomcat Native Connector 1.2.16.