vulnerability
Red Hat: CVE-2018-11784: CVE-2018-11784 tomcat: Open redirect in default servlet (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | 2018-10-04 | 2019-03-14 | 2024-11-27 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
2018-10-04
Added
2019-03-14
Modified
2024-11-27
Description
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.
Solution(s)
redhat-upgrade-apache-commons-collectionsredhat-upgrade-apache-commons-langredhat-upgrade-bea-stax-apiredhat-upgrade-glassfish-fastinfosetredhat-upgrade-glassfish-jaxb-apiredhat-upgrade-glassfish-jaxb-coreredhat-upgrade-glassfish-jaxb-runtimeredhat-upgrade-glassfish-jaxb-txw2redhat-upgrade-jackson-annotationsredhat-upgrade-jackson-coreredhat-upgrade-jackson-databindredhat-upgrade-jackson-jaxrs-json-providerredhat-upgrade-jackson-jaxrs-providersredhat-upgrade-jackson-module-jaxb-annotationsredhat-upgrade-jakarta-commons-httpclientredhat-upgrade-javassistredhat-upgrade-javassist-javadocredhat-upgrade-pki-servlet-4-0-apiredhat-upgrade-pki-servlet-containerredhat-upgrade-python-nss-debugsourceredhat-upgrade-python-nss-docredhat-upgrade-python3-nssredhat-upgrade-python3-nss-debuginforedhat-upgrade-relaxngdatatyperedhat-upgrade-resteasyredhat-upgrade-slf4jredhat-upgrade-slf4j-jdk14redhat-upgrade-stax-exredhat-upgrade-velocityredhat-upgrade-xalan-j2redhat-upgrade-xerces-j2redhat-upgrade-xml-commons-apisredhat-upgrade-xml-commons-resolverredhat-upgrade-xmlstreambufferredhat-upgrade-xsom
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.