vulnerability
Oracle Linux: CVE-2018-11784: ELSA-2019-1529: pki-deps:10.6 security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | 2018-10-03 | 2019-03-14 | 2025-01-07 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
2018-10-03
Added
2019-03-14
Modified
2025-01-07
Description
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.
Solution(s)
oracle-linux-upgrade-apache-commons-collectionsoracle-linux-upgrade-apache-commons-langoracle-linux-upgrade-bea-stax-apioracle-linux-upgrade-glassfish-fastinfosetoracle-linux-upgrade-glassfish-jaxb-apioracle-linux-upgrade-glassfish-jaxb-coreoracle-linux-upgrade-glassfish-jaxb-runtimeoracle-linux-upgrade-glassfish-jaxb-txw2oracle-linux-upgrade-jackson-annotationsoracle-linux-upgrade-jackson-coreoracle-linux-upgrade-jackson-databindoracle-linux-upgrade-jackson-jaxrs-json-provideroracle-linux-upgrade-jackson-jaxrs-providersoracle-linux-upgrade-jackson-module-jaxb-annotationsoracle-linux-upgrade-jakarta-commons-httpclientoracle-linux-upgrade-javassistoracle-linux-upgrade-javassist-javadocoracle-linux-upgrade-pki-servlet-4-0-apioracle-linux-upgrade-pki-servlet-containeroracle-linux-upgrade-python3-nssoracle-linux-upgrade-python-nss-docoracle-linux-upgrade-relaxngdatatypeoracle-linux-upgrade-resteasyoracle-linux-upgrade-slf4joracle-linux-upgrade-slf4j-jdk14oracle-linux-upgrade-stax-exoracle-linux-upgrade-tomcatoracle-linux-upgrade-tomcat-admin-webappsoracle-linux-upgrade-tomcat-docs-webapporacle-linux-upgrade-tomcat-el-2-2-apioracle-linux-upgrade-tomcat-javadocoracle-linux-upgrade-tomcat-jsp-2-2-apioracle-linux-upgrade-tomcat-jsvcoracle-linux-upgrade-tomcat-liboracle-linux-upgrade-tomcat-servlet-3-0-apioracle-linux-upgrade-tomcat-webappsoracle-linux-upgrade-velocityoracle-linux-upgrade-xalan-j2oracle-linux-upgrade-xerces-j2oracle-linux-upgrade-xml-commons-apisoracle-linux-upgrade-xml-commons-resolveroracle-linux-upgrade-xmlstreambufferoracle-linux-upgrade-xsom
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.