CVE-2018-11784 Apache Tomcat - Open Redirect Severity: Moderate
Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.11 Apache Tomcat 8.5.0 to 8.5.33 Apache Tomcat 7.0.23 to 7.0.90 The unsupported 8.0.x release line has not been analysed but is likely to be affected. Description: When the default servlet returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. Mitigation: Users of the affected versions should apply one of the following mitigations: - Upgrade to Apache Tomcat 9.0.12 or later. - Upgrade to Apache Tomcat 8.5.34 or later. - Upgrade to Apache Tomcat 7.0.91 or later. - Use mapperDirectoryRedirectEnabled="true" and mapperContextRootRedirectEnabled="true" on the Context to ensure that redirects are issued by the Mapper rather than the default Servlet. See the Context configuration documentation for further important details. Credit: This vulnerability was found by Sergey Bobrov and reported responsibly to the Apache Tomcat Security Team. History: 2018-10-03 Original advisory References: [1] http://tomcat.apache.org/security-9.html [2] http://tomcat.apache.org/security-8.html [3] http://tomcat.apache.org/security-7.html --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
