vulnerability
Oracle Solaris 11: CVE-2018-11784: Vulnerability in Apache Tomcat
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Oct 4, 2018 | Nov 19, 2018 | Feb 17, 2022 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Oct 4, 2018
Added
Nov 19, 2018
Modified
Feb 17, 2022
Description
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.
Solutions
oracle-solaris-11-3-upgrade-web-java-servlet-tomcat-8-8-5-51-0-175-3-36-0-20-0oracle-solaris-11-3-upgrade-web-java-servlet-tomcat-8-tomcat-admin-8-5-51-0-175-3-36-0-20-0oracle-solaris-11-3-upgrade-web-java-servlet-tomcat-8-tomcat-examples-8-5-51-0-175-3-36-0-20-0oracle-solaris-11-4-upgrade-web-java-servlet-tomcat-8-8-5-34-11-4-3-0-1-4-0oracle-solaris-11-4-upgrade-web-java-servlet-tomcat-8-tomcat-admin-8-5-34-11-4-3-0-1-4-0oracle-solaris-11-4-upgrade-web-java-servlet-tomcat-8-tomcat-examples-8-5-34-11-4-3-0-1-4-0
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.