Vulnerability Description
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo'), a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Tomcat | >= 7.0.23, <= 7.0.90 |
| Debian | Debian Linux | 8.0 |
| Canonical | Ubuntu Linux | 14.04 |
| Netapp | Snap Creator Framework | - |
| Redhat | Enterprise Linux Desktop | 7.0 |
| Redhat | Enterprise Linux Server | 7.0 |
| Redhat | Enterprise Linux Server Aus | 7.6 |
| Redhat | Enterprise Linux Server Eus | 7.6 |
| Redhat | Enterprise Linux Server Tus | 7.6 |
| Redhat | Enterprise Linux Workstation | 7.0 |
| Oracle | Communications Application Session Controller | 3.7.1 |
| Oracle | Hospitality Guest Access | 4.2.0 |
| Oracle | Instantis Enterprisetrack | 17.1 |
| Oracle | Retail Order Broker | 5.1 |
| Oracle | Secure Global Desktop | 5.4 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html
- http://packetstormsecurity.com/files/163456/Apache-Tomcat-9.0.0M1-Open-Redirect.
- http://www.securityfocus.com/bid/105524
- https://access.redhat.com/errata/RHSA-2019:0130
- https://access.redhat.com/errata/RHSA-2019:0131
- https://access.redhat.com/errata/RHSA-2019:0485
- https://access.redhat.com/errata/RHSA-2019:1529
- https://kc.mcafee.com/corporate/index?page=content&id=SB10284
- https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55a
- https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f7
- https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e8
- https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c
- https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f9
- https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b13
FAQ
What is CVE-2018-11784?
CVE-2018-11784 is a vulnerability with a CVSS score of 4.3 (MEDIUM). When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/fo...
How severe is CVE-2018-11784?
CVE-2018-11784 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-11784?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Tomcat, Debian Debian Linux, Canonical Ubuntu Linux, Netapp Snap Creator Framework, Redhat Enterprise Linux Desktop.