Package        : tomcat8
Version        : 8.0.14-1+deb8u14
CVE ID         : CVE-2018-11784

Sergey Bobrov discovered that when the default servlet returned a
redirect to a directory (e.g. redirecting to /foo/ when the user
requested /foo) a specially crafted URL could be used to cause the
redirect to be generated to any URI of the attacker's choice.

For Debian 8 "Jessie", this problem has been fixed in version
8.0.14-1+deb8u14.

We recommend that you upgrade your tomcat8 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
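
One way to audit recorded responses for the behaviour described above, checking that a directory redirect stays on the requesting origin and only appends the trailing slash. This is an added example, not part of the advisory or of Tomcat; the function names, hostnames and sample responses are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = (301, 302, 303, 307, 308)
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(parts):
    """(scheme, host, port) with the scheme's default port filled in."""
    return (parts.scheme, parts.hostname,
            parts.port or DEFAULT_PORTS.get(parts.scheme))


def check_directory_redirect(request_url, status, location):
    """Classify the response to a request for a directory without its slash.

    Returns 'ok', 'not-a-redirect', 'malformed-location', or a finding
    prefixed with 'off-origin:' or 'unexpected-path:'.
    """
    if status not in REDIRECT_CODES or not location:
        return "not-a-redirect"
    req = urlsplit(request_url)
    # Resolve Location as a client would (RFC 3986 reference resolution),
    # so path-relative and scheme-relative values are compared correctly.
    target = urlsplit(urljoin(request_url, location))
    try:
        same_origin = origin(target) == origin(req)
    except ValueError:  # non-numeric or out-of-range port in Location
        return "malformed-location"
    if not same_origin:
        return "off-origin: " + target.geturl()
    if target.path != req.path + "/":
        return "unexpected-path: " + target.path
    return "ok"


# Constructed sample observations: (request URL, status, Location header).
SAMPLES = [
    ("https://app.example/foo", 302, "/foo/"),
    ("https://app.example/foo", 302, "https://app.example:443/foo/"),
    ("https://app.example/foo", 302, "//other.example/"),
    ("https://app.example/foo", 302, "/bar/"),
    ("https://app.example/foo", 200, None),
]

if __name__ == "__main__":
    for url, status, location in SAMPLES:
        print(url, status, location, "->",
              check_directory_redirect(url, status, location))
```

Any 'off-origin' finding from a host still running a tomcat8 package older than 8.0.14-1+deb8u14 is a reason to prioritise the upgrade.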
