When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.

Metrics

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Apache
  • Tomcat
Canonical
  • Ubuntu Linux
Debian
  • Debian Linux
Netapp
  • Snap Creator Framework
Oracle
  • Communications Application Session Controller
  • Hospitality Guest Access
  • Instantis Enterprisetrack
  • Retail Order Broker
  • Secure Global Desktop
Redhat
  • Enterprise Linux
  • Enterprise Linux Desktop
  • Enterprise Linux Server
  • Enterprise Linux Server Aus
  • Enterprise Linux Server Eus
  • Enterprise Linux Server Tus
  • Enterprise Linux Workstation
  • Jboss Enterprise Web Server

Configuration 1 [-]

OR cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

Configuration 4 [-]

cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 6 [-]

OR cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 7
tomcat-0:7.0.76-9.el7_6 cpe:/o:redhat:enterprise_linux:7 RHSA-2019:0485 2019-03-13T00:00:00Z
Red Hat Enterprise Linux 8
pki-deps:10.6-8000020190524054914.55190bc5 cpe:/a:redhat:enterprise_linux:8 RHSA-2019:1529 2019-06-18T00:00:00Z
Red Hat JBoss Web Server 3.1
tomcat cpe:/a:redhat:jboss_enterprise_web_server:3.1 RHSA-2019:0130 2019-01-22T00:00:00Z
Red Hat JBoss Web Server 3 for RHEL 6
tomcat7-0:7.0.70-31.ep7.el6 cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6 RHSA-2019:0131 2019-01-22T00:00:00Z
tomcat8-0:8.0.36-35.ep7.el6 cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6 RHSA-2019:0131 2019-01-22T00:00:00Z
tomcat-native-0:1.2.17-18.redhat_18.ep7.el6 cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6 RHSA-2019:0131 2019-01-22T00:00:00Z
Red Hat JBoss Web Server 3 for RHEL 7
tomcat7-0:7.0.70-31.ep7.el7 cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7 RHSA-2019:0131 2019-01-22T00:00:00Z
tomcat8-0:8.0.36-35.ep7.el7 cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7 RHSA-2019:0131 2019-01-22T00:00:00Z
tomcat-native-0:1.2.17-18.redhat_18.ep7.el7 cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7 RHSA-2019:0131 2019-01-22T00:00:00Z
Red Hat JBoss Web Server 5.0
cpe:/a:redhat:jboss_enterprise_web_server:5.0 RHSA-2018:2867 2018-10-03T00:00:00Z
Red Hat JBoss Web Server 5.0 on RHEL 6
jws5-tomcat-0:9.0.7-12.redhat_12.1.el6jws cpe:/a:redhat:jboss_enterprise_web_server:5.0::el6 RHSA-2018:2868 2018-10-03T00:00:00Z
Red Hat JBoss Web Server 5.0 on RHEL 7
jws5-tomcat-0:9.0.7-12.redhat_12.1.el7jws cpe:/a:redhat:jboss_enterprise_web_server:5.0::el7 RHSA-2018:2868 2018-10-03T00:00:00Z
References
Link Providers
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html cve-icon cve-icon
http://packetstormsecurity.com/files/163456/Apache-Tomcat-9.0.0M1-Open-Redirect.html cve-icon cve-icon
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.91 cve-icon
http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.34 cve-icon
http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.12 cve-icon
http://www.securityfocus.com/bid/105524 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:0130 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:0131 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:0485 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:1529 cve-icon cve-icon
https://kc.mcafee.com/corporate/index?page=content&id=SB10284 cve-icon cve-icon
https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75%40%3Cannounce.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2018/10/msg00005.html cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2018/10/msg00006.html cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZ4PX4B3QTKRM35VJAVIEOPZAF76RPBP/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2018-11784 cve-icon
https://seclists.org/bugtraq/2019/Dec/43 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20181014-0002/ cve-icon cve-icon
https://usn.ubuntu.com/3787-1/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2018-11784 cve-icon
https://www.debian.org/security/2019/dsa-4596 cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuapr2020.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpujan2020.html cve-icon cve-icon
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html cve-icon cve-icon
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html cve-icon cve-icon
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html cve-icon cve-icon
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2018-10-04T13:00:00Z

Updated: 2024-09-16T17:04:04.205Z

Reserved: 2018-06-05T00:00:00

Link: CVE-2018-11784

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-10-04T13:29:00.330

Modified: 2023-12-08T16:41:18.860

Link: CVE-2018-11784

cve-icon Redhat

Severity : Moderate

Publid Date: 2018-10-03T00:00:00Z

Links: CVE-2018-11784 - Bugzilla