When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.
A vulnerability in Apache Tomcat could allow an unauthenticated, remote attacker to conduct an open redirect attack on a targeted system.
The vulnerability is due to improper validation of URLs by the affected software when the default servlet returns a redirect to a directory. An attacker could exploit this vulnerability by submitting a malicious URL to a targeted system. A successful exploit could cause the redirect to go to any URI of the attacker's choice.
The Apache Software Foundation confirmed the vulnerability and released software updates.
Administrators are advised to apply the appropriate software updates.
Administrators are advised to allow only trusted users to have network access.
Administrators are advised to monitor affected systems.
To exploit this vulnerability, the attacker may need access to trusted, internal networks behind a firewall in order to send a crafted URL to the targeted system. This access requirement may reduce the likelihood of a successful exploit.
Awesome CVE PoC A curated list of CVE PoCs. Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security. Please read the contribution guidelines before contributing. This repo is full of PoCs for CVEs. If you enjoy this awesome list and would like to support it, check out my Patreon page :