vulnerability
Oracle Linux: CVE-2018-11784: ELSA-2019-0485: tomcat security update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Oct 3, 2018 | Mar 14, 2019 | Dec 3, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Oct 3, 2018
Added
Mar 14, 2019
Modified
Dec 3, 2025
Description
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.
Solutions
oracle-linux-upgrade-apache-commons-collectionsoracle-linux-upgrade-apache-commons-langoracle-linux-upgrade-bea-stax-apioracle-linux-upgrade-glassfish-fastinfosetoracle-linux-upgrade-glassfish-jaxb-apioracle-linux-upgrade-glassfish-jaxb-coreoracle-linux-upgrade-glassfish-jaxb-runtimeoracle-linux-upgrade-glassfish-jaxb-txw2oracle-linux-upgrade-jackson-annotationsoracle-linux-upgrade-jackson-coreoracle-linux-upgrade-jackson-databindoracle-linux-upgrade-jackson-jaxrs-json-provideroracle-linux-upgrade-jackson-jaxrs-providersoracle-linux-upgrade-jackson-module-jaxb-annotationsoracle-linux-upgrade-jakarta-commons-httpclientoracle-linux-upgrade-javassistoracle-linux-upgrade-javassist-javadocoracle-linux-upgrade-pki-servlet-4-0-apioracle-linux-upgrade-pki-servlet-containeroracle-linux-upgrade-python3-nssoracle-linux-upgrade-python-nss-docoracle-linux-upgrade-relaxngdatatypeoracle-linux-upgrade-resteasyoracle-linux-upgrade-slf4joracle-linux-upgrade-slf4j-jdk14oracle-linux-upgrade-stax-exoracle-linux-upgrade-tomcatoracle-linux-upgrade-tomcat-admin-webappsoracle-linux-upgrade-tomcat-docs-webapporacle-linux-upgrade-tomcat-el-2-2-apioracle-linux-upgrade-tomcat-javadocoracle-linux-upgrade-tomcat-jsp-2-2-apioracle-linux-upgrade-tomcat-jsvcoracle-linux-upgrade-tomcat-liboracle-linux-upgrade-tomcat-servlet-3-0-apioracle-linux-upgrade-tomcat-webappsoracle-linux-upgrade-velocityoracle-linux-upgrade-xalan-j2oracle-linux-upgrade-xerces-j2oracle-linux-upgrade-xml-commons-apisoracle-linux-upgrade-xml-commons-resolveroracle-linux-upgrade-xmlstreambufferoracle-linux-upgrade-xsom
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.