ID CVE-2018-11784
Summary When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo'), a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice.
References
Vulnerable Configurations
  • Apache Software Foundation Tomcat 7.0.23
    cpe:2.3:a:apache:tomcat:7.0.23
  • Apache Software Foundation Tomcat 7.0.24
    cpe:2.3:a:apache:tomcat:7.0.24
  • Apache Software Foundation Tomcat 7.0.25
    cpe:2.3:a:apache:tomcat:7.0.25
  • Apache Software Foundation Tomcat 7.0.26
    cpe:2.3:a:apache:tomcat:7.0.26
  • Apache Software Foundation Tomcat 7.0.27
    cpe:2.3:a:apache:tomcat:7.0.27
  • Apache Software Foundation Tomcat 7.0.28
    cpe:2.3:a:apache:tomcat:7.0.28
  • Apache Software Foundation Tomcat 7.0.29
    cpe:2.3:a:apache:tomcat:7.0.29
  • Apache Software Foundation Tomcat 7.0.30
    cpe:2.3:a:apache:tomcat:7.0.30
  • Apache Software Foundation Tomcat 7.0.31
    cpe:2.3:a:apache:tomcat:7.0.31
  • Apache Software Foundation Tomcat 7.0.32
    cpe:2.3:a:apache:tomcat:7.0.32
  • Apache Software Foundation Tomcat 7.0.33
    cpe:2.3:a:apache:tomcat:7.0.33
  • Apache Software Foundation Tomcat 7.0.34
    cpe:2.3:a:apache:tomcat:7.0.34
  • Apache Software Foundation Tomcat 7.0.35
    cpe:2.3:a:apache:tomcat:7.0.35
  • Apache Software Foundation Tomcat 7.0.36
    cpe:2.3:a:apache:tomcat:7.0.36
  • Apache Software Foundation Tomcat 7.0.37
    cpe:2.3:a:apache:tomcat:7.0.37
  • Apache Software Foundation Tomcat 7.0.38
    cpe:2.3:a:apache:tomcat:7.0.38
  • Apache Software Foundation Tomcat 7.0.39
    cpe:2.3:a:apache:tomcat:7.0.39
  • Apache Software Foundation Tomcat 7.0.40
    cpe:2.3:a:apache:tomcat:7.0.40
  • Apache Software Foundation Tomcat 7.0.41
    cpe:2.3:a:apache:tomcat:7.0.41
  • Apache Software Foundation Tomcat 7.0.42
    cpe:2.3:a:apache:tomcat:7.0.42
  • Apache Software Foundation Tomcat 7.0.43
    cpe:2.3:a:apache:tomcat:7.0.43
  • Apache Software Foundation Tomcat 7.0.44
    cpe:2.3:a:apache:tomcat:7.0.44
  • Apache Software Foundation Tomcat 7.0.45
    cpe:2.3:a:apache:tomcat:7.0.45
  • Apache Software Foundation Tomcat 7.0.46
    cpe:2.3:a:apache:tomcat:7.0.46
  • Apache Software Foundation Tomcat 7.0.47
    cpe:2.3:a:apache:tomcat:7.0.47
  • Apache Software Foundation Tomcat 7.0.48
    cpe:2.3:a:apache:tomcat:7.0.48
  • Apache Software Foundation Tomcat 7.0.49
    cpe:2.3:a:apache:tomcat:7.0.49
  • Apache Software Foundation Tomcat 7.0.50
    cpe:2.3:a:apache:tomcat:7.0.50
  • Apache Software Foundation Tomcat 7.0.51
    cpe:2.3:a:apache:tomcat:7.0.51
  • Apache Software Foundation Tomcat 7.0.52
    cpe:2.3:a:apache:tomcat:7.0.52
  • Apache Software Foundation Tomcat 7.0.53
    cpe:2.3:a:apache:tomcat:7.0.53
  • Apache Software Foundation Tomcat 7.0.54
    cpe:2.3:a:apache:tomcat:7.0.54
  • Apache Software Foundation Tomcat 7.0.55
    cpe:2.3:a:apache:tomcat:7.0.55
  • Apache Software Foundation Tomcat 7.0.56
    cpe:2.3:a:apache:tomcat:7.0.56
  • Apache Software Foundation Tomcat 7.0.57
    cpe:2.3:a:apache:tomcat:7.0.57
  • Apache Software Foundation Tomcat 7.0.58
    cpe:2.3:a:apache:tomcat:7.0.58
  • Apache Tomcat 7.0.59
    cpe:2.3:a:apache:tomcat:7.0.59
  • Apache Software Foundation Tomcat 7.0.60
    cpe:2.3:a:apache:tomcat:7.0.60
  • Apache Tomcat 7.0.61
    cpe:2.3:a:apache:tomcat:7.0.61
  • Apache Tomcat 7.0.62
    cpe:2.3:a:apache:tomcat:7.0.62
  • Apache Tomcat 7.0.63
    cpe:2.3:a:apache:tomcat:7.0.63
  • Apache Tomcat 7.0.64
    cpe:2.3:a:apache:tomcat:7.0.64
  • Apache Software Foundation Tomcat 7.0.65
    cpe:2.3:a:apache:tomcat:7.0.65
  • Apache Software Foundation Tomcat 7.0.66
    cpe:2.3:a:apache:tomcat:7.0.66
  • Apache Software Foundation Tomcat 7.0.67
    cpe:2.3:a:apache:tomcat:7.0.67
  • Apache Software Foundation Tomcat 7.0.68
    cpe:2.3:a:apache:tomcat:7.0.68
  • Apache Software Foundation Tomcat 7.0.69
    cpe:2.3:a:apache:tomcat:7.0.69
  • Apache Software Foundation Tomcat 7.0.70
    cpe:2.3:a:apache:tomcat:7.0.70
  • Apache Software Foundation Tomcat 7.0.71
    cpe:2.3:a:apache:tomcat:7.0.71
  • Apache Software Foundation Tomcat 7.0.72
    cpe:2.3:a:apache:tomcat:7.0.72
  • Apache Software Foundation Tomcat 7.0.73
    cpe:2.3:a:apache:tomcat:7.0.73
  • Apache Software Foundation Tomcat 7.0.74
    cpe:2.3:a:apache:tomcat:7.0.74
  • Apache Software Foundation Tomcat 7.0.75
    cpe:2.3:a:apache:tomcat:7.0.75
  • Apache Software Foundation Tomcat 7.0.76
    cpe:2.3:a:apache:tomcat:7.0.76
  • Apache Software Foundation Tomcat 7.0.77
    cpe:2.3:a:apache:tomcat:7.0.77
  • Apache Software Foundation Tomcat 7.0.78
    cpe:2.3:a:apache:tomcat:7.0.78
  • Apache Software Foundation Tomcat 7.0.79
    cpe:2.3:a:apache:tomcat:7.0.79
  • Apache Software Foundation Tomcat 7.0.80
    cpe:2.3:a:apache:tomcat:7.0.80
  • Apache Software Foundation Tomcat 7.0.81
    cpe:2.3:a:apache:tomcat:7.0.81
  • Apache Software Foundation Tomcat 7.0.82
    cpe:2.3:a:apache:tomcat:7.0.82
  • Apache Software Foundation Tomcat 7.0.83
    cpe:2.3:a:apache:tomcat:7.0.83
  • Apache Software Foundation Tomcat 7.0.84
    cpe:2.3:a:apache:tomcat:7.0.84
  • Apache Software Foundation Tomcat 7.0.85
    cpe:2.3:a:apache:tomcat:7.0.85
  • Apache Software Foundation Tomcat 7.0.86
    cpe:2.3:a:apache:tomcat:7.0.86
  • Apache Software Foundation Tomcat 7.0.87
    cpe:2.3:a:apache:tomcat:7.0.87
  • Apache Software Foundation Tomcat 7.0.88
    cpe:2.3:a:apache:tomcat:7.0.88
  • Apache Software Foundation Tomcat 7.0.89
    cpe:2.3:a:apache:tomcat:7.0.89
  • Apache Software Foundation Tomcat 7.0.90
    cpe:2.3:a:apache:tomcat:7.0.90
  • Apache Software Foundation Tomcat 8.5.0
    cpe:2.3:a:apache:tomcat:8.5.0
  • Apache Software Foundation Tomcat 8.5.1
    cpe:2.3:a:apache:tomcat:8.5.1
  • Apache Software Foundation Tomcat 8.5.2
    cpe:2.3:a:apache:tomcat:8.5.2
  • Apache Software Foundation Tomcat 8.5.3
    cpe:2.3:a:apache:tomcat:8.5.3
  • Apache Software Foundation Tomcat 8.5.4
    cpe:2.3:a:apache:tomcat:8.5.4
  • Apache Software Foundation Tomcat 8.5.5
    cpe:2.3:a:apache:tomcat:8.5.5
  • Apache Software Foundation Tomcat 8.5.6
    cpe:2.3:a:apache:tomcat:8.5.6
  • Apache Software Foundation Tomcat 8.5.7
    cpe:2.3:a:apache:tomcat:8.5.7
  • Apache Software Foundation Tomcat 8.5.8
    cpe:2.3:a:apache:tomcat:8.5.8
  • Apache Software Foundation Tomcat 8.5.9
    cpe:2.3:a:apache:tomcat:8.5.9
  • Apache Software Foundation Tomcat 8.5.10
    cpe:2.3:a:apache:tomcat:8.5.10
  • Apache Software Foundation Tomcat 8.5.11
    cpe:2.3:a:apache:tomcat:8.5.11
  • Apache Software Foundation Tomcat 8.5.12
    cpe:2.3:a:apache:tomcat:8.5.12
  • Apache Software Foundation Tomcat 8.5.13
    cpe:2.3:a:apache:tomcat:8.5.13
  • Apache Software Foundation Tomcat 8.5.14
    cpe:2.3:a:apache:tomcat:8.5.14
  • Apache Software Foundation Tomcat 8.5.15
    cpe:2.3:a:apache:tomcat:8.5.15
  • Apache Software Foundation Tomcat 8.5.16
    cpe:2.3:a:apache:tomcat:8.5.16
  • Apache Software Foundation Tomcat 8.5.17
    cpe:2.3:a:apache:tomcat:8.5.17
  • Apache Software Foundation Tomcat 8.5.18
    cpe:2.3:a:apache:tomcat:8.5.18
  • Apache Software Foundation Tomcat 8.5.19
    cpe:2.3:a:apache:tomcat:8.5.19
  • Apache Software Foundation Tomcat 8.5.20
    cpe:2.3:a:apache:tomcat:8.5.20
  • Apache Software Foundation Tomcat 8.5.21
    cpe:2.3:a:apache:tomcat:8.5.21
  • Apache Software Foundation Tomcat 8.5.22
    cpe:2.3:a:apache:tomcat:8.5.22
  • Apache Software Foundation Tomcat 8.5.23
    cpe:2.3:a:apache:tomcat:8.5.23
  • Apache Software Foundation Tomcat 8.5.24
    cpe:2.3:a:apache:tomcat:8.5.24
  • Apache Software Foundation Tomcat 8.5.25
    cpe:2.3:a:apache:tomcat:8.5.25
  • Apache Software Foundation Tomcat 8.5.26
    cpe:2.3:a:apache:tomcat:8.5.26
  • Apache Software Foundation Tomcat 8.5.27
    cpe:2.3:a:apache:tomcat:8.5.27
  • Apache Software Foundation Tomcat 8.5.28
    cpe:2.3:a:apache:tomcat:8.5.28
  • Apache Software Foundation Tomcat 8.5.29
    cpe:2.3:a:apache:tomcat:8.5.29
  • Apache Software Foundation Tomcat 8.5.30
    cpe:2.3:a:apache:tomcat:8.5.30
  • Apache Software Foundation Tomcat 8.5.31
    cpe:2.3:a:apache:tomcat:8.5.31
  • Apache Software Foundation Tomcat 8.5.32
    cpe:2.3:a:apache:tomcat:8.5.32
  • Apache Software Foundation Tomcat 8.5.33
    cpe:2.3:a:apache:tomcat:8.5.33
  • Apache Software Foundation Tomcat 9.0.0
    cpe:2.3:a:apache:tomcat:9.0.0
  • Apache Software Foundation Tomcat 9.0.0 M1
    cpe:2.3:a:apache:tomcat:9.0.0:m1
  • Apache Software Foundation Tomcat 9.0.0 M10
    cpe:2.3:a:apache:tomcat:9.0.0:m10
  • Apache Software Foundation Tomcat 9.0.0 M11
    cpe:2.3:a:apache:tomcat:9.0.0:m11
  • Apache Software Foundation Tomcat 9.0.0 M12
    cpe:2.3:a:apache:tomcat:9.0.0:m12
  • Apache Software Foundation Tomcat 9.0.0 M13
    cpe:2.3:a:apache:tomcat:9.0.0:m13
  • Apache Software Foundation Tomcat 9.0.0 M14
    cpe:2.3:a:apache:tomcat:9.0.0:m14
  • Apache Software Foundation Tomcat 9.0.0 M15
    cpe:2.3:a:apache:tomcat:9.0.0:m15
  • Apache Software Foundation Tomcat 9.0.0 M16
    cpe:2.3:a:apache:tomcat:9.0.0:m16
  • Apache Software Foundation Tomcat 9.0.0 M17
    cpe:2.3:a:apache:tomcat:9.0.0:m17
  • Apache Software Foundation Tomcat 9.0.0 M18
    cpe:2.3:a:apache:tomcat:9.0.0:m18
  • Apache Software Foundation Tomcat 9.0.0 M19
    cpe:2.3:a:apache:tomcat:9.0.0:m19
  • Apache Software Foundation Tomcat 9.0.0 M2
    cpe:2.3:a:apache:tomcat:9.0.0:m2
  • Apache Software Foundation Tomcat 9.0.0 M20
    cpe:2.3:a:apache:tomcat:9.0.0:m20
  • Apache Software Foundation Tomcat 9.0.0 M21
    cpe:2.3:a:apache:tomcat:9.0.0:m21
  • Apache Software Foundation Tomcat 9.0.0 M22
    cpe:2.3:a:apache:tomcat:9.0.0:m22
  • Apache Software Foundation Tomcat 9.0.0 M23
    cpe:2.3:a:apache:tomcat:9.0.0:m23
  • Apache Software Foundation Tomcat 9.0.0 M24
    cpe:2.3:a:apache:tomcat:9.0.0:m24
  • Apache Software Foundation Tomcat 9.0.0 M25
    cpe:2.3:a:apache:tomcat:9.0.0:m25
  • Apache Software Foundation Tomcat 9.0.0 M26
    cpe:2.3:a:apache:tomcat:9.0.0:m26
  • Apache Software Foundation Tomcat 9.0.0 M27
    cpe:2.3:a:apache:tomcat:9.0.0:m27
  • Apache Software Foundation Tomcat 9.0.0 M3
    cpe:2.3:a:apache:tomcat:9.0.0:m3
  • Apache Software Foundation Tomcat 9.0.0 M4
    cpe:2.3:a:apache:tomcat:9.0.0:m4
  • Apache Software Foundation Tomcat 9.0.0 M5
    cpe:2.3:a:apache:tomcat:9.0.0:m5
  • Apache Software Foundation Tomcat 9.0.0 M6
    cpe:2.3:a:apache:tomcat:9.0.0:m6
  • Apache Software Foundation Tomcat 9.0.0 M7
    cpe:2.3:a:apache:tomcat:9.0.0:m7
  • Apache Software Foundation Tomcat 9.0.0 M8
    cpe:2.3:a:apache:tomcat:9.0.0:m8
  • Apache Software Foundation Tomcat 9.0.0 M9
    cpe:2.3:a:apache:tomcat:9.0.0:m9
  • Apache Software Foundation Tomcat 9.0.1
    cpe:2.3:a:apache:tomcat:9.0.1
  • Apache Software Foundation Tomcat 9.0.2
    cpe:2.3:a:apache:tomcat:9.0.2
  • Apache Software Foundation Tomcat 9.0.3
    cpe:2.3:a:apache:tomcat:9.0.3
  • Apache Software Foundation Tomcat 9.0.4
    cpe:2.3:a:apache:tomcat:9.0.4
  • Apache Software Foundation Tomcat 9.0.5
    cpe:2.3:a:apache:tomcat:9.0.5
  • Apache Software Foundation Tomcat 9.0.6
    cpe:2.3:a:apache:tomcat:9.0.6
  • Apache Software Foundation Tomcat 9.0.7
    cpe:2.3:a:apache:tomcat:9.0.7
  • Apache Software Foundation Tomcat 9.0.8
    cpe:2.3:a:apache:tomcat:9.0.8
  • Apache Software Foundation Tomcat 9.0.9
    cpe:2.3:a:apache:tomcat:9.0.9
  • Apache Software Foundation Tomcat 9.0.10
    cpe:2.3:a:apache:tomcat:9.0.10
  • Apache Software Foundation Tomcat 9.0.11
    cpe:2.3:a:apache:tomcat:9.0.11
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • NetApp Snap Creator Framework
    cpe:2.3:a:netapp:snap_creator_framework
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • Red Hat Enterprise Linux Server 7.6
    cpe:2.3:o:redhat:enterprise_linux_server:7.6
  • Red Hat Enterprise Linux Server Advanced mission critical Update Support (AUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6
  • Red Hat Enterprise Linux Server Telecommunications Update Service (TUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
  • Oracle Communications Application Session Controller 3.7.1
    cpe:2.3:a:oracle:communications_application_session_controller:3.7.1
  • Oracle Communications Application Session Controller 3.8.0
    cpe:2.3:a:oracle:communications_application_session_controller:3.8.0
  • Oracle Hospitality Guest Access 4.2.0
    cpe:2.3:a:oracle:hospitality_guest_access:4.2.0
  • Oracle Hospitality Guest Access 4.2.1
    cpe:2.3:a:oracle:hospitality_guest_access:4.2.1
  • Oracle Instantis EnterpriseTrack 17.1
    cpe:2.3:a:oracle:instantis_enterprisetrack:17.1
  • Oracle Instantis EnterpriseTrack 17.2
    cpe:2.3:a:oracle:instantis_enterprisetrack:17.2
  • Oracle Instantis EnterpriseTrack 17.3
    cpe:2.3:a:oracle:instantis_enterprisetrack:17.3
  • Oracle Retail Order Broker 5.1
    cpe:2.3:a:oracle:retail_order_broker:5.1
  • Oracle Retail Order Broker 5.2
    cpe:2.3:a:oracle:retail_order_broker:5.2
  • Oracle Retail Order Broker 15.0
    cpe:2.3:a:oracle:retail_order_broker:15.0
  • Oracle Secure Global Desktop 5.4
    cpe:2.3:a:oracle:secure_global_desktop:5.4
CVSS
Base: 4.3
Impact:
Exploitability:
CWE CWE-601
CAPEC
  • Fake the Source of Data
    An adversary provides data under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or it might be an attempt by the adversary to assume the rights granted to another identity. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2019-84.NASL
    description This update for virtualbox version 5.2.24 fixes the following issues : Update fixes multiple vulnerabilities : CVE-2019-2500, CVE-2019-2524, CVE-2019-2552, CVE-2018-3309, CVE-2019-2520 CVE-2019-2521, CVE-2019-2522, CVE-2019-2523, CVE-2019-2526, CVE-2019-2548 CVE-2018-11763, CVE-2019-2511, CVE-2019-2508, CVE-2019-2509, CVE-2019-2527 CVE-2019-2450, CVE-2019-2451, CVE-2019-2555, CVE-2019-2554, CVE-2019-2556 CVE-2018-11784, CVE-2018-0734, CVE-2019-2525, CVE-2019-2446, CVE-2019-2448 CVE-2019-2501, CVE-2019-2504, CVE-2019-2505, CVE-2019-2506, and CVE-2019-2553 (boo#1122212). Non-security issues fixed : - Linux Additions: fix for building vboxvideo on EL 7.6 standard kernel, contributed by Robert Conde - USB: fixed a problem causing failures attaching SuperSpeed devices which report USB version 3.1 (rather than 3.0) on Windows hosts - Audio: added support for surround speaker setups used by Windows 10 Build 1809 - Linux hosts: fixed conflict between Debian and Oracle build desktop files - Linux guests: fixed building drivers on SLES 12.4 - Linux guests: fixed building shared folder driver with older kernels
    last seen 2019-02-21
    modified 2019-01-28
    plugin id 121411
    published 2019-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121411
    title openSUSE Security Update : virtualbox (openSUSE-2019-84)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3787-1.NASL
    description It was discovered that Tomcat incorrectly handled returning redirects to a directory. A remote attacker could possibly use this issue with a specially crafted URL to redirect to arbitrary URIs. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-09
    plugin id 118068
    published 2018-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118068
    title Ubuntu 14.04 LTS / 16.04 LTS : tomcat7, tomcat8 vulnerability (USN-3787-1)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-1099.NASL
    description When the default servlet in Apache Tomcat versions 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo'), a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice. (CVE-2018-11784)
    last seen 2019-02-21
    modified 2019-01-09
    plugin id 118803
    published 2018-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118803
    title Amazon Linux AMI : tomcat7 (ALAS-2018-1099)
  • NASL family Misc.
    NASL id ORACLE_SECURE_GLOBAL_DESKTOP_JAN_2019_CPU.NASL
    description The version of Oracle Secure Global Desktop installed on the remote host is 5.4 and is missing a security patch from the January 2019 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities: - A denial of service (DoS) vulnerability exists in Apache HTTP Server 2.4.17 to 2.4.34, due to a design error. An unauthenticated, remote attacker can exploit this issue by sending continuous, large SETTINGS frames to cause a client to occupy a connection, server thread and CPU time without any connection timeout coming into effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. (CVE-2018-11763) - An unvalidated redirect vulnerability exists in the default servlet in Apache Tomcat due to improper input validation. An unauthenticated, remote attacker can exploit this issue via a specially crafted URL to cause the redirect to be generated to any URI of the attacker's choice. (CVE-2018-11784)
    last seen 2019-02-21
    modified 2019-02-05
    plugin id 121601
    published 2019-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121601
    title Oracle Secure Global Desktop Multiple Vulnerabilities (January 2019 CPU)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1544.NASL
    description Sergey Bobrov discovered that when the default servlet returned a redirect to a directory (e.g. redirecting to /foo/ when the user requested /foo), a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice. For Debian 8 'Jessie', this problem has been fixed in version 7.0.56-3+really7.0.91-1. We recommend that you upgrade your tomcat7 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-09
    plugin id 118096
    published 2018-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118096
    title Debian DLA-1544-1 : tomcat7 security update
  • NASL family Web Servers
    NASL id TOMCAT_7_0_91.NASL
    description The version of Apache Tomcat installed on the remote host is 7.0.x prior to 7.0.91. It is, therefore, affected by an open redirect vulnerability.
    last seen 2019-02-21
    modified 2018-12-13
    plugin id 118035
    published 2018-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118035
    title Apache Tomcat 7.0.0 < 7.0.91 Open Redirect Weakness
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1545.NASL
    description Sergey Bobrov discovered that when the default servlet returned a redirect to a directory (e.g. redirecting to /foo/ when the user requested /foo), a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice. For Debian 8 'Jessie', this problem has been fixed in version 8.0.14-1+deb8u14. We recommend that you upgrade your tomcat8 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-09
    plugin id 118119
    published 2018-10-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118119
    title Debian DLA-1545-1 : tomcat8 security update
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2868.NASL
    description An update is now available for Red Hat JBoss Web Server 5.0 for RHEL 6 and Red Hat JBoss Web Server 5.0 for RHEL 7. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.0 Service Pack 1 serves as a replacement for Red Hat JBoss Web Server 5.0, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * tomcat: Information Disclosure (CVE-2018-8037) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen 2019-02-21
    modified 2019-01-09
    plugin id 117912
    published 2018-10-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117912
    title RHEL 6 / 7 : Red Hat JBoss Web Server 5.0 Service Pack 1 (RHSA-2018:2868)
  • NASL family Web Servers
    NASL id TOMCAT_9_0_11.NASL
    description The version of Apache Tomcat installed on the remote host is 9.0.x prior to 9.0.12. It is, therefore, affected by an open redirect vulnerability.
    last seen 2019-02-21
    modified 2018-12-13
    plugin id 118037
    published 2018-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118037
    title Apache Tomcat 9.0.0.M1 < 9.0.12 Open Redirect Weakness
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-1276.NASL
    description This update for tomcat fixes the following issues : - CVE-2018-11784: When the default servlet in Apache Tomcat returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo'), a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice. (bsc#1110850) This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen 2019-02-21
    modified 2019-01-09
    plugin id 118446
    published 2018-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118446
    title openSUSE Security Update : tomcat (openSUSE-2018-1276)
  • NASL family Web Servers
    NASL id TOMCAT_8_5_34.NASL
    description The version of Apache Tomcat installed on the remote host is 8.5.x prior to 8.5.34. It is, therefore, affected by an open redirect vulnerability.
    last seen 2019-02-21
    modified 2018-12-13
    plugin id 118036
    published 2018-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118036
    title Apache Tomcat 8.5.x < 8.5.34 Open Redirect Weakness
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-1504.NASL
    description This update for tomcat to 9.0.12 fixes the following issues : See the full changelog at: http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.12_(markt) Security issues fixed : - CVE-2018-11784: When the default servlet in Apache Tomcat returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo'), a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice. (bsc#1110850) This update was imported from the SUSE:SLE-15:Update update project.
    last seen 2019-02-21
    modified 2019-01-09
    plugin id 119540
    published 2018-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119540
    title openSUSE Security Update : tomcat (openSUSE-2018-1504)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2019-0131.NASL
    description An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 5 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * tomcat: host name verification missing in WebSocket client (CVE-2018-8034) * tomcat: Open redirect in default servlet (CVE-2018-11784) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen 2019-02-21
    modified 2019-01-24
    plugin id 121325
    published 2019-01-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121325
    title RHEL 6 / 7 : Red Hat JBoss Web Server 3.1 Service Pack 6 (RHSA-2019:0131)
redhat via4
advisories
  • bugzilla
    id 1636512
    title CVE-2018-11784 tomcat: Open redirect in default servlet
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment tomcat is earlier than 0:7.0.76-9.el7_6
          oval oval:com.redhat.rhsa:tst:20190485007
        • comment tomcat is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686006
      • AND
        • comment tomcat-admin-webapps is earlier than 0:7.0.76-9.el7_6
          oval oval:com.redhat.rhsa:tst:20190485013
        • comment tomcat-admin-webapps is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686016
      • AND
        • comment tomcat-docs-webapp is earlier than 0:7.0.76-9.el7_6
          oval oval:com.redhat.rhsa:tst:20190485021
        • comment tomcat-docs-webapp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686014
      • AND
        • comment tomcat-el-2.2-api is earlier than 0:7.0.76-9.el7_6
          oval oval:com.redhat.rhsa:tst:20190485015
        • comment tomcat-el-2.2-api is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686024
      • AND
        • comment tomcat-javadoc is earlier than 0:7.0.76-9.el7_6
          oval oval:com.redhat.rhsa:tst:20190485023
        • comment tomcat-javadoc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686012
      • AND
        • comment tomcat-jsp-2.2-api is earlier than 0:7.0.76-9.el7_6
          oval oval:com.redhat.rhsa:tst:20190485005
        • comment tomcat-jsp-2.2-api is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686018
      • AND
        • comment tomcat-jsvc is earlier than 0:7.0.76-9.el7_6
          oval oval:com.redhat.rhsa:tst:20190485017
        • comment tomcat-jsvc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686022
      • AND
        • comment tomcat-lib is earlier than 0:7.0.76-9.el7_6
          oval oval:com.redhat.rhsa:tst:20190485011
        • comment tomcat-lib is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686010
      • AND
        • comment tomcat-servlet-3.0-api is earlier than 0:7.0.76-9.el7_6
          oval oval:com.redhat.rhsa:tst:20190485019
        • comment tomcat-servlet-3.0-api is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686020
      • AND
        • comment tomcat-webapps is earlier than 0:7.0.76-9.el7_6
          oval oval:com.redhat.rhsa:tst:20190485009
        • comment tomcat-webapps is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686008
    rhsa
    id RHSA-2019:0485
    released 2019-03-12
    severity Moderate
    title RHSA-2019:0485: tomcat security update (Moderate)
  • rhsa
    id RHSA-2019:0130
  • rhsa
    id RHSA-2019:0131
rpms
  • tomcat-0:7.0.76-9.el7_6
  • tomcat-admin-webapps-0:7.0.76-9.el7_6
  • tomcat-docs-webapp-0:7.0.76-9.el7_6
  • tomcat-el-2.2-api-0:7.0.76-9.el7_6
  • tomcat-javadoc-0:7.0.76-9.el7_6
  • tomcat-jsp-2.2-api-0:7.0.76-9.el7_6
  • tomcat-jsvc-0:7.0.76-9.el7_6
  • tomcat-lib-0:7.0.76-9.el7_6
  • tomcat-servlet-3.0-api-0:7.0.76-9.el7_6
  • tomcat-webapps-0:7.0.76-9.el7_6
refmap via4
bid 105524
confirm
fedora FEDORA-2018-b18f9dd65b
misc https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
mlist
  • [announce] 20181003 [SECURITY] CVE-2018-11784 Apache Tomcat - Open Redirect
  • [debian-lts-announce] 20181014 [SECURITY] [DLA 1544-1] tomcat7 security update
  • [debian-lts-announce] 20181015 [SECURITY] [DLA 1545-1] tomcat8 security update
  • [tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
  • [tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
  • [tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
  • [tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
  • [tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
  • [tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
ubuntu USN-3787-1
Last major update 04-10-2018 - 09:29
Published 04-10-2018 - 09:29
Last modified 11-06-2019 - 18:29