CVE-2018-11784

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo'), a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice.

Published: 2018-10-04 13:29    Updated: 2019-04-15 16:31

CVSS Score: 4.3 / 10
Vendor Product Version URI
Apache Tomcat 7.0.23 cpe:/a:apache:tomcat:7.0.23
Apache Tomcat 7.0.24 cpe:/a:apache:tomcat:7.0.24
Apache Tomcat 7.0.25 cpe:/a:apache:tomcat:7.0.25
Apache Tomcat 7.0.26 cpe:/a:apache:tomcat:7.0.26
Apache Tomcat 7.0.27 cpe:/a:apache:tomcat:7.0.27
Apache Tomcat 7.0.28 cpe:/a:apache:tomcat:7.0.28
Apache Tomcat 7.0.29 cpe:/a:apache:tomcat:7.0.29
Apache Tomcat 7.0.30 cpe:/a:apache:tomcat:7.0.30
Apache Tomcat 7.0.31 cpe:/a:apache:tomcat:7.0.31
Apache Tomcat 7.0.32 cpe:/a:apache:tomcat:7.0.32
Apache Tomcat 7.0.33 cpe:/a:apache:tomcat:7.0.33
Apache Tomcat 7.0.34 cpe:/a:apache:tomcat:7.0.34
Apache Tomcat 7.0.35 cpe:/a:apache:tomcat:7.0.35
Apache Tomcat 7.0.36 cpe:/a:apache:tomcat:7.0.36
Apache Tomcat 7.0.37 cpe:/a:apache:tomcat:7.0.37
Apache Tomcat 7.0.38 cpe:/a:apache:tomcat:7.0.38
Apache Tomcat 7.0.39 cpe:/a:apache:tomcat:7.0.39
Apache Tomcat 7.0.40 cpe:/a:apache:tomcat:7.0.40
Apache Tomcat 7.0.41 cpe:/a:apache:tomcat:7.0.41
Apache Tomcat 7.0.42 cpe:/a:apache:tomcat:7.0.42
Apache Tomcat 7.0.43 cpe:/a:apache:tomcat:7.0.43
Apache Tomcat 7.0.44 cpe:/a:apache:tomcat:7.0.44
Apache Tomcat 7.0.45 cpe:/a:apache:tomcat:7.0.45
Apache Tomcat 7.0.46 cpe:/a:apache:tomcat:7.0.46
Apache Tomcat 7.0.47 cpe:/a:apache:tomcat:7.0.47
Apache Tomcat 7.0.48 cpe:/a:apache:tomcat:7.0.48
Apache Tomcat 7.0.49 cpe:/a:apache:tomcat:7.0.49
Apache Tomcat 7.0.50 cpe:/a:apache:tomcat:7.0.50
Apache Tomcat 7.0.51 cpe:/a:apache:tomcat:7.0.51
Apache Tomcat 7.0.54 cpe:/a:apache:tomcat:7.0.54
Apache Tomcat 7.0.55 cpe:/a:apache:tomcat:7.0.55
Apache Tomcat 7.0.56 cpe:/a:apache:tomcat:7.0.56
Apache Tomcat 7.0.57 cpe:/a:apache:tomcat:7.0.57
Apache Tomcat 7.0.58 cpe:/a:apache:tomcat:7.0.58
Apache Tomcat 7.0.59 cpe:/a:apache:tomcat:7.0.59
Apache Tomcat 7.0.60 cpe:/a:apache:tomcat:7.0.60
Apache Tomcat 7.0.61 cpe:/a:apache:tomcat:7.0.61
Apache Tomcat 7.0.62 cpe:/a:apache:tomcat:7.0.62
Apache Tomcat 7.0.63 cpe:/a:apache:tomcat:7.0.63
Apache Tomcat 7.0.64 cpe:/a:apache:tomcat:7.0.64
Apache Tomcat 7.0.65 cpe:/a:apache:tomcat:7.0.65
Apache Tomcat 7.0.66 cpe:/a:apache:tomcat:7.0.66
Apache Tomcat 7.0.67 cpe:/a:apache:tomcat:7.0.67
Apache Tomcat 7.0.68 cpe:/a:apache:tomcat:7.0.68
Apache Tomcat 7.0.69 cpe:/a:apache:tomcat:7.0.69
Apache Tomcat 7.0.70 cpe:/a:apache:tomcat:7.0.70
Apache Tomcat 7.0.71 cpe:/a:apache:tomcat:7.0.71
Apache Tomcat 7.0.72 cpe:/a:apache:tomcat:7.0.72
Apache Tomcat 7.0.73 cpe:/a:apache:tomcat:7.0.73
Apache Tomcat 7.0.74 cpe:/a:apache:tomcat:7.0.74
Apache Tomcat 7.0.75 cpe:/a:apache:tomcat:7.0.75
Apache Tomcat 7.0.76 cpe:/a:apache:tomcat:7.0.76
Apache Tomcat 7.0.77 cpe:/a:apache:tomcat:7.0.77
Apache Tomcat 7.0.78 cpe:/a:apache:tomcat:7.0.78
Apache Tomcat 7.0.79 cpe:/a:apache:tomcat:7.0.79
Apache Tomcat 7.0.80 cpe:/a:apache:tomcat:7.0.80
Apache Tomcat 7.0.81 cpe:/a:apache:tomcat:7.0.81
Apache Tomcat 7.0.82 cpe:/a:apache:tomcat:7.0.82
Apache Tomcat 7.0.83 cpe:/a:apache:tomcat:7.0.83
Apache Tomcat 7.0.84 cpe:/a:apache:tomcat:7.0.84
Apache Tomcat 7.0.85 cpe:/a:apache:tomcat:7.0.85
Apache Tomcat 8.5.0 cpe:/a:apache:tomcat:8.5.0
Apache Tomcat 8.5.1 cpe:/a:apache:tomcat:8.5.1
Apache Tomcat 8.5.2 cpe:/a:apache:tomcat:8.5.2
Apache Tomcat 8.5.3 cpe:/a:apache:tomcat:8.5.3
Apache Tomcat 8.5.4 cpe:/a:apache:tomcat:8.5.4
Apache Tomcat 8.5.5 cpe:/a:apache:tomcat:8.5.5
Apache Tomcat 8.5.6 cpe:/a:apache:tomcat:8.5.6
Apache Tomcat 8.5.7 cpe:/a:apache:tomcat:8.5.7
Apache Tomcat 8.5.8 cpe:/a:apache:tomcat:8.5.8
Apache Tomcat 8.5.9 cpe:/a:apache:tomcat:8.5.9
Apache Tomcat 8.5.10 cpe:/a:apache:tomcat:8.5.10
Apache Tomcat 8.5.11 cpe:/a:apache:tomcat:8.5.11
Apache Tomcat 8.5.12 cpe:/a:apache:tomcat:8.5.12
Apache Tomcat 8.5.13 cpe:/a:apache:tomcat:8.5.13
Apache Tomcat 8.5.14 cpe:/a:apache:tomcat:8.5.14
Apache Tomcat 8.5.15 cpe:/a:apache:tomcat:8.5.15
Apache Tomcat 8.5.23 cpe:/a:apache:tomcat:8.5.23
Apache Tomcat 8.5.24 cpe:/a:apache:tomcat:8.5.24
Apache Tomcat 8.5.27 cpe:/a:apache:tomcat:8.5.27
Apache Tomcat 8.5.28 cpe:/a:apache:tomcat:8.5.28
Apache Tomcat 8.5.29 cpe:/a:apache:tomcat:8.5.29
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m1
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m10
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m11
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m12
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m13
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m14
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m15
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m16
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m17
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m18
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m19
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m2
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m20
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m21
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m22
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m23
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m24
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m25
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m26
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m27
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m3
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m4
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m5
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m6
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m7
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m8
Apache Tomcat 9.0.0 cpe:/a:apache:tomcat:9.0.0:m9
Apache Tomcat 9.0.1 cpe:/a:apache:tomcat:9.0.1
Apache Tomcat 9.0.2 cpe:/a:apache:tomcat:9.0.2
Apache Tomcat 9.0.3 cpe:/a:apache:tomcat:9.0.3
Apache Tomcat 9.0.4 cpe:/a:apache:tomcat:9.0.4
Apache Tomcat 9.0.5 cpe:/a:apache:tomcat:9.0.5
Apache Tomcat 9.0.6 cpe:/a:apache:tomcat:9.0.6
Apache Tomcat 9.0.7 cpe:/a:apache:tomcat:9.0.7
Netapp Snap Creator Framework - cpe:/a:netapp:snap_creator_framework:-
Canonical Ubuntu Linux 14.04 cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
Canonical Ubuntu Linux 16.04 cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
Debian Debian Linux 8.0 cpe:/o:debian:debian_linux:8.0
Redhat Enterprise Linux Desktop 7.0 cpe:/o:redhat:enterprise_linux_desktop:7.0
Redhat Enterprise Linux Server 7.0 cpe:/o:redhat:enterprise_linux_server:7.0
Redhat Enterprise Linux Server 7.6 cpe:/o:redhat:enterprise_linux_server:7.6
Redhat Enterprise Linux Server Aus 7.6 cpe:/o:redhat:enterprise_linux_server_aus:7.6
Redhat Enterprise Linux Server Eus 7.6 cpe:/o:redhat:enterprise_linux_server_eus:7.6
Redhat Enterprise Linux Server Tus 7.6 cpe:/o:redhat:enterprise_linux_server_tus:7.6
Redhat Enterprise Linux Workstation 7.0 cpe:/o:redhat:enterprise_linux_workstation:7.0

CWE

ID Name Description
CWE-601 URL Redirection to Untrusted Site ('Open Redirect') A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References

Source Link
MLIST https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E
BID http://www.securityfocus.com/bid/105524
UBUNTU https://usn.ubuntu.com/3787-1/
MLIST https://lists.debian.org/debian-lts-announce/2018/10/msg00005.html
CONFIRM https://security.netapp.com/advisory/ntap-20181014-0002/
MLIST https://lists.debian.org/debian-lts-announce/2018/10/msg00006.html
CONFIRM https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
REDHAT https://access.redhat.com/errata/RHSA-2019:0130
REDHAT https://access.redhat.com/errata/RHSA-2019:0131
REDHAT https://access.redhat.com/errata/RHSA-2019:0485
MLIST https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
MLIST https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E
MLIST https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
MLIST https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E
MLIST https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
MLIST https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E
MLIST https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
MLIST https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
MLIST https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
MLIST https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E
MLIST https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZ4PX4B3QTKRM35VJAVIEOPZAF76RPBP/

History of changes

Date Event
2019-04-15 16:31
2019-03-25 11:35
2019-03-21 16:00
2019-03-18 16:40
2019-03-14 10:29
2019-01-23 11:29
2019-01-16 19:29
2019-01-08 13:57
2018-10-16 10:29
2018-10-15 10:29
2018-10-11 10:29
2018-10-09 10:29
2018-10-04 13:29
