CVE-2018-11784

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo'), a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice. The redirect target was derived from the request URI the client supplied rather than from a path the server had validated, which makes this an open redirect (CWE-601): the victim sees a link to the trusted host and is sent elsewhere. Because the default servlet serves static content for every web application unless it is overridden, any deployment on an affected version is exposed. Fixed in Apache Tomcat 9.0.12, 8.5.34 and 7.0.91.

Published : 2018-10-04 13:29 Updated : 2019-06-11 22:29

CVSS Score: 4.3 / 10
Vendor Product Version URI
Apache Tomcat 7.0.23 cpe:/a:apache:tomcat:7.0.23
Apache Tomcat 7.0.24 cpe:/a:apache:tomcat:7.0.24
Apache Tomcat 7.0.25 cpe:/a:apache:tomcat:7.0.25
Apache Tomcat 7.0.26 cpe:/a:apache:tomcat:7.0.26
Apache Tomcat 7.0.27 cpe:/a:apache:tomcat:7.0.27
Apache Tomcat 7.0.28 cpe:/a:apache:tomcat:7.0.28
Apache Tomcat 7.0.29 cpe:/a:apache:tomcat:7.0.29
Apache Tomcat 7.0.30 cpe:/a:apache:tomcat:7.0.30
Apache Tomcat 7.0.31 cpe:/a:apache:tomcat:7.0.31
Apache Tomcat 7.0.32 cpe:/a:apache:tomcat:7.0.32
Apache Tomcat 7.0.33 cpe:/a:apache:tomcat:7.0.33
Apache Tomcat 7.0.34 cpe:/a:apache:tomcat:7.0.34
Apache Tomcat 7.0.35 cpe:/a:apache:tomcat:7.0.35
Apache Tomcat 7.0.36 cpe:/a:apache:tomcat:7.0.36
Apache Tomcat 7.0.37 cpe:/a:apache:tomcat:7.0.37
Apache Tomcat 7.0.38 cpe:/a:apache:tomcat:7.0.38
Apache Tomcat 7.0.39 cpe:/a:apache:tomcat:7.0.39
Apache Tomcat 7.0.40 cpe:/a:apache:tomcat:7.0.40
Apache Tomcat 7.0.41 cpe:/a:apache:tomcat:7.0.41
Apache Tomcat 7.0.42 cpe:/a:apache:tomcat:7.0.42
Apache Tomcat 7.0.43 cpe:/a:apache:tomcat:7.0.43
Apache Tomcat 7.0.44 cpe:/a:apache:tomcat:7.0.44
Apache Tomcat 7.0.45 cpe:/a:apache:tomcat:7.0.45
Apache Tomcat 7.0.46 cpe:/a:apache:tomcat:7.0.46
Apache Tomcat 7.0.47 cpe:/a:apache:tomcat:7.0.47
Apache Tomcat 7.0.48 cpe:/a:apache:tomcat:7.0.48
Apache Tomcat 7.0.49 cpe:/a:apache:tomcat:7.0.49
Apache Tomcat 7.0.50 cpe:/a:apache:tomcat:7.0.50
Apache Tomcat 7.0.51 cpe:/a:apache:tomcat:7.0.51
Apache Tomcat 7.0.54 cpe:/a:apache:tomcat:7.0.54
Apache Tomcat 7.0.55 cpe:/a:apache:tomcat:7.0.55
Apache Tomcat 7.0.56 cpe:/a:apache:tomcat:7.0.56
Apache Tomcat 7.0.57 cpe:/a:apache:tomcat:7.0.57
Apache Tomcat 7.0.58 cpe:/a:apache:tomcat:7.0.58
Apache Tomcat 7.0.59 cpe:/a:apache:tomcat:7.0.59
Apache Tomcat 7.0.60 cpe:/a:apache:tomcat:7.0.60
Apache Tomcat 7.0.61 cpe:/a:apache:tomcat:7.0.61
Apache Tomcat 7.0.62 cpe:/a:apache:tomcat:7.0.62
Apache Tomcat 7.0.63 cpe:/a:apache:tomcat:7.0.63
Apache Tomcat 7.0.64 cpe:/a:apache:tomcat:7.0.64
Apache Tomcat 7.0.65 cpe:/a:apache:tomcat:7.0.65
Apache Tomcat 7.0.66 cpe:/a:apache:tomcat:7.0.66
Apache Tomcat 7.0.67 cpe:/a:apache:tomcat:7.0.67
Apache Tomcat 7.0.68 cpe:/a:apache:tomcat:7.0.68
Apache Tomcat 7.0.69 cpe:/a:apache:tomcat:7.0.69
Apache Tomcat 7.0.70 cpe:/a:apache:tomcat:7.0.70
Apache Tomcat 7.0.71 cpe:/a:apache:tomcat:7.0.71
Apache Tomcat 7.0.72 cpe:/a:apache:tomcat:7.0.72
Apache Tomcat 7.0.73 cpe:/a:apache:tomcat:7.0.73
Apache Tomcat 7.0.74 cpe:/a:apache:tomcat:7.0.74
Apache Tomcat 7.0.75 cpe:/a:apache:tomcat:7.0.75
Apache Tomcat 7.0.76 cpe:/a:apache:tomcat:7.0.76
Apache Tomcat 7.0.77 cpe:/a:apache:tomcat:7.0.77
Apache Tomcat 7.0.78 cpe:/a:apache:tomcat:7.0.78
Apache Tomcat 7.0.79 cpe:/a:apache:tomcat:7.0.79
Apache Tomcat 7.0.80 cpe:/a:apache:tomcat:7.0.80
Apache Tomcat 7.0.81 cpe:/a:apache:tomcat:7.0.81
Apache Tomcat 7.0.82 cpe:/a:apache:tomcat:7.0.82
Apache Tomcat 7.0.83 cpe:/a:apache:tomcat:7.0.83
Apache Tomcat 7.0.84 cpe:/a:apache:tomcat:7.0.84
Apache Tomcat 7.0.85 cpe:/a:apache:tomcat:7.0.85
Apache Tomcat 8.5.0 cpe:/a:apache:tomcat:8.5.0
Apache Tomcat 8.5.1 cpe:/a:apache:tomcat:8.5.1
Apache Tomcat 8.5.2 cpe:/a:apache:tomcat:8.5.2
Apache Tomcat 8.5.3 cpe:/a:apache:tomcat:8.5.3
Apache Tomcat 8.5.4 cpe:/a:apache:tomcat:8.5.4
Apache Tomcat 8.5.5 cpe:/a:apache:tomcat:8.5.5
Apache Tomcat 8.5.6 cpe:/a:apache:tomcat:8.5.6
Apache Tomcat 8.5.7 cpe:/a:apache:tomcat:8.5.7
Apache Tomcat 8.5.8 cpe:/a:apache:tomcat:8.5.8
Apache Tomcat 8.5.9 cpe:/a:apache:tomcat:8.5.9
Apache Tomcat 8.5.10 cpe:/a:apache:tomcat:8.5.10
Apache Tomcat 8.5.11 cpe:/a:apache:tomcat:8.5.11
Apache Tomcat 8.5.12 cpe:/a:apache:tomcat:8.5.12
Apache Tomcat 8.5.13 cpe:/a:apache:tomcat:8.5.13
Apache Tomcat 8.5.14 cpe:/a:apache:tomcat:8.5.14
Apache Tomcat 8.5.15 cpe:/a:apache:tomcat:8.5.15
Apache Tomcat 8.5.23 cpe:/a:apache:tomcat:8.5.23
Apache Tomcat 8.5.24 cpe:/a:apache:tomcat:8.5.24
Apache Tomcat 8.5.27 cpe:/a:apache:tomcat:8.5.27
Apache Tomcat 8.5.28 cpe:/a:apache:tomcat:8.5.28
Apache Tomcat 8.5.29 cpe:/a:apache:tomcat:8.5.29
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m1
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m10
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m11
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m12
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m13
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m14
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m15
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m16
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m17
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m18
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m19
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m2
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m20
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m21
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m22
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m23
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m24
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m25
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m26
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m27
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m3
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m4
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m5
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m6
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m7
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m8
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m9
Apache Tomcat 9.0.1 cpe:/a:apache:tomcat:9.0.1
Apache Tomcat 9.0.2 cpe:/a:apache:tomcat:9.0.2
Apache Tomcat 9.0.3 cpe:/a:apache:tomcat:9.0.3
Apache Tomcat 9.0.4 cpe:/a:apache:tomcat:9.0.4
Apache Tomcat 9.0.5 cpe:/a:apache:tomcat:9.0.5
Apache Tomcat 9.0.6 cpe:/a:apache:tomcat:9.0.6
Apache Tomcat 9.0.7 cpe:/a:apache:tomcat:9.0.7
Netapp Snap Creator Framework - cpe:/a:netapp:snap_creator_framework:-
Canonical Ubuntu Linux 14.04 cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
Canonical Ubuntu Linux 16.04 cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
Debian Debian Linux 8.0 cpe:/o:debian:debian_linux:8.0
Redhat Enterprise Linux Desktop 7.0 cpe:/o:redhat:enterprise_linux_desktop:7.0
Redhat Enterprise Linux Server 7.0 cpe:/o:redhat:enterprise_linux_server:7.0
Redhat Enterprise Linux Server 7.6 cpe:/o:redhat:enterprise_linux_server:7.6
Redhat Enterprise Linux Server Aus 7.6 cpe:/o:redhat:enterprise_linux_server_aus:7.6
Redhat Enterprise Linux Server Eus 7.6 cpe:/o:redhat:enterprise_linux_server_eus:7.6
Redhat Enterprise Linux Server Tus 7.6 cpe:/o:redhat:enterprise_linux_server_tus:7.6
Redhat Enterprise Linux Workstation 7.0 cpe:/o:redhat:enterprise_linux_workstation:7.0
Apache Tomcat 7.0.52 cpe:/a:apache:tomcat:7.0.52
Apache Tomcat 7.0.53 cpe:/a:apache:tomcat:7.0.53
Apache Tomcat 7.0.86 cpe:/a:apache:tomcat:7.0.86
Apache Tomcat 7.0.87 cpe:/a:apache:tomcat:7.0.87
Apache Tomcat 7.0.88 cpe:/a:apache:tomcat:7.0.88
Apache Tomcat 7.0.89 cpe:/a:apache:tomcat:7.0.89
Apache Tomcat 7.0.90 cpe:/a:apache:tomcat:7.0.90
Apache Tomcat 8.5.16 cpe:/a:apache:tomcat:8.5.16
Apache Tomcat 8.5.17 cpe:/a:apache:tomcat:8.5.17
Apache Tomcat 8.5.18 cpe:/a:apache:tomcat:8.5.18
Apache Tomcat 8.5.19 cpe:/a:apache:tomcat:8.5.19
Apache Tomcat 8.5.20 cpe:/a:apache:tomcat:8.5.20
Apache Tomcat 8.5.21 cpe:/a:apache:tomcat:8.5.21
Apache Tomcat 8.5.22 cpe:/a:apache:tomcat:8.5.22
Apache Tomcat 8.5.25 cpe:/a:apache:tomcat:8.5.25
Apache Tomcat 8.5.26 cpe:/a:apache:tomcat:8.5.26
Apache Tomcat 8.5.30 cpe:/a:apache:tomcat:8.5.30
Apache Tomcat 8.5.31 cpe:/a:apache:tomcat:8.5.31
Apache Tomcat 8.5.32 cpe:/a:apache:tomcat:8.5.32
Apache Tomcat 8.5.33 cpe:/a:apache:tomcat:8.5.33
Apache Tomcat 9.0.8 cpe:/a:apache:tomcat:9.0.8
Apache Tomcat 9.0.9 cpe:/a:apache:tomcat:9.0.9
Apache Tomcat 9.0.10 cpe:/a:apache:tomcat:9.0.10
Apache Tomcat 9.0.11 cpe:/a:apache:tomcat:9.0.11
Oracle Communications Application Session Controller 3.7.1 cpe:/a:oracle:communications_application_session_controller:3.7.1
Oracle Communications Application Session Controller 3.8.0 cpe:/a:oracle:communications_application_session_controller:3.8.0
Oracle Hospitality Guest Access 4.2.0 cpe:/a:oracle:hospitality_guest_access:4.2.0
Oracle Hospitality Guest Access 4.2.1 cpe:/a:oracle:hospitality_guest_access:4.2.1
Oracle Instantis Enterprisetrack 17.1 cpe:/a:oracle:instantis_enterprisetrack:17.1
Oracle Instantis Enterprisetrack 17.2 cpe:/a:oracle:instantis_enterprisetrack:17.2
Oracle Instantis Enterprisetrack 17.3 cpe:/a:oracle:instantis_enterprisetrack:17.3
Oracle Retail Order Broker 5.1 cpe:/a:oracle:retail_order_broker:5.1
Oracle Retail Order Broker 5.2 cpe:/a:oracle:retail_order_broker:5.2
Oracle Retail Order Broker 15.0 cpe:/a:oracle:retail_order_broker:15.0
Oracle Secure Global Desktop 5.4 cpe:/a:oracle:secure_global_desktop:5.4

CWE

ID Name Description Links
CWE-601 URL Redirection to Untrusted Site ('Open Redirect') A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks. CVE
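The directory redirect described in the CVE text and the CWE-601 pattern above, as an added example that is not Tomcat's code: a weak Location builder that echoes the raw request-target next to a hardened one that rebuilds the target from the path alone and checks the result against the site's own origin. The origin `https://app.example`, the function names and every request-target are constructed for the example; the scheme-relative `//host/` form is the generic CWE-601 vector for redirects that echo a client-supplied path (a browser resolves `//host/x` against an https origin as `https://host/x`), not a statement about the exact payload used against Tomcat.

```python
"""CWE-601 in a 'directory' redirect: a weak Location builder beside a
hardened one. Added illustration of the bug class; not Tomcat's own code."""
import posixpath
from typing import Optional
from urllib.parse import urljoin, urlsplit

# Constructed for the example: the origin the application is served from.
ORIGIN = "https://app.example"


def resolved_host(location: str, origin: str = ORIGIN) -> str:
    """Host a browser will actually contact for this Location header value.

    RFC 3986 reference resolution turns a scheme-relative '//host/x' into
    'https://host/x', so the 'path' a naive server emitted becomes an
    off-origin absolute URL in the client.
    """
    return urlsplit(urljoin(origin + "/", location)).netloc


def weak_directory_redirect(request_uri: str) -> str:
    """The pattern the CVE text describes: raw request URI plus a trailing '/'.

    A request-target of '//evil.example/foo' is echoed back as the
    scheme-relative Location '//evil.example/foo/'.
    """
    return request_uri + "/"


def hardened_directory_redirect(request_uri: str,
                                origin: str = ORIGIN) -> Optional[str]:
    """Rebuild the redirect target from the path component only and refuse
    anything that could leave the origin.

    Returns None when the request must not be answered with a redirect at all
    (the caller would then send 404 or 400 instead).
    """
    path, _, query = request_uri.partition("?")
    # Browsers treat '/\' like '//'; never let a backslash reach Location,
    # and only ever redirect for an absolute path.
    if "\\" in path or not path.startswith("/"):
        return None
    # posixpath.normpath deliberately keeps exactly two leading slashes (a POSIX
    # rule), which is precisely the scheme-relative form we must not emit, so
    # collapse the leading run of slashes before normalising.
    path = "/" + path.lstrip("/")
    path = posixpath.normpath(path)  # drops dot-segments and duplicate '/'
    if not path.endswith("/"):
        path += "/"
    location = path + ("?" + query if query else "")
    # Defence in depth: the resolved URL must still point at our own host.
    if resolved_host(location, origin) != urlsplit(origin).netloc:
        return None
    return location


if __name__ == "__main__":
    # Constructed request-targets; the first is the hostile shape.
    for target in ("//evil.example/foo", "/foo", "/foo/../bar?x=1",
                   "/\\evil.example/", "///evil.example"):
        weak = weak_directory_redirect(target)
        print(f"{target!r:28} weak -> {weak!r:24} "
              f"lands on {resolved_host(weak)!r:16} "
              f"hardened -> {hardened_directory_redirect(target)!r}")
```

`resolved_host` is the check worth running against your own application's redirect responses: feed it every Location value the server emits for a crafted request-target and confirm the host never changes. The hardened builder also shows why a generic path normaliser is not enough on its own: the leading-slash collapse and the final origin comparison each catch cases the other does not.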

References

Source Link
REDHAT https://access.redhat.com/errata/RHSA-2019:0485
MLIST https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
MLIST https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E
MLIST https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
MLIST https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E
MLIST https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZ4PX4B3QTKRM35VJAVIEOPZAF76RPBP/
MLIST https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E
MLIST https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
MLIST https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
MLIST https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
MLIST https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E
MISC https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
MLIST https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html
MLIST https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E
BID http://www.securityfocus.com/bid/105524
UBUNTU https://usn.ubuntu.com/3787-1/
MLIST https://lists.debian.org/debian-lts-announce/2018/10/msg00005.html
CONFIRM https://security.netapp.com/advisory/ntap-20181014-0002/
MLIST https://lists.debian.org/debian-lts-announce/2018/10/msg00006.html
CONFIRM https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
REDHAT https://access.redhat.com/errata/RHSA-2019:0130
REDHAT https://access.redhat.com/errata/RHSA-2019:0131

History of changes

Date Event
2019-06-11 22:29
2019-05-10 18:54
2019-04-23 19:31
2019-04-15 16:31
2019-03-25 11:35
2019-03-21 16:00
2019-03-18 16:40
2019-03-14 10:29
2019-01-23 11:29
2019-01-16 19:29
2019-01-08 13:57
2018-10-16 10:29
2018-10-15 10:29
2018-10-11 10:29
2018-10-09 10:29
2018-10-04 13:29
