4.3
CVSSv2

CVE-2018-11784

Published: 04/10/2018 Updated: 11/06/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.

Vulnerability Trend

Affected Products

Vendor Product Versions
ApacheTomcat7.0.23, 7.0.24, 7.0.25, 7.0.26, 7.0.27, 7.0.28, 7.0.29, 7.0.30, 7.0.31, 7.0.32, 7.0.33, 7.0.34, 7.0.35, 7.0.36, 7.0.37, 7.0.38, 7.0.39, 7.0.40, 7.0.41, 7.0.42, 7.0.43, 7.0.44, 7.0.45, 7.0.46, 7.0.47, 7.0.48, 7.0.49, 7.0.50, 7.0.51, 7.0.52, 7.0.53, 7.0.54, 7.0.55, 7.0.56, 7.0.57, 7.0.58, 7.0.59, 7.0.60, 7.0.61, 7.0.62, 7.0.63, 7.0.64, 7.0.65, 7.0.66, 7.0.67, 7.0.68, 7.0.69, 7.0.70, 7.0.71, 7.0.72, 7.0.73, 7.0.74, 7.0.75, 7.0.76, 7.0.77, 7.0.78, 7.0.79, 7.0.80, 7.0.81, 7.0.82, 7.0.83, 7.0.84, 7.0.85, 7.0.86, 7.0.87, 7.0.88, 7.0.89, 7.0.90, 8.5.0, 8.5.1, 8.5.2, 8.5.3, 8.5.4, 8.5.5, 8.5.6, 8.5.7, 8.5.8, 8.5.9, 8.5.10, 8.5.11, 8.5.12, 8.5.13, 8.5.14, 8.5.15, 8.5.16, 8.5.17, 8.5.18, 8.5.19, 8.5.20, 8.5.21, 8.5.22, 8.5.23, 8.5.24, 8.5.25, 8.5.26, 8.5.27, 8.5.28, 8.5.29, 8.5.30, 8.5.31, 8.5.32, 8.5.33, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.0.11
NetappSnap Creator Framework-
OracleCommunications Application Session Controller3.7.1, 3.8.0
OracleHospitality Guest Access4.2.0, 4.2.1
OracleInstantis Enterprisetrack17.1, 17.2, 17.3
OracleRetail Order Broker5.1, 5.2, 15.0
OracleSecure Global Desktop5.4
CanonicalUbuntu Linux14.04, 16.04
DebianDebian Linux8.0
RedhatEnterprise Linux Desktop7.0
RedhatEnterprise Linux Server7.0, 7.6
RedhatEnterprise Linux Server Aus7.6
RedhatEnterprise Linux Server Eus7.6
RedhatEnterprise Linux Server Tus7.6
RedhatEnterprise Linux Workstation7.0

Vendor Advisories

Synopsis Moderate: tomcat security update Type/Severity Security Advisory: Moderate Topic An update for tomcat is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, whic ...
Tomcat could be made to redirect to arbitrary locations ...
Synopsis Moderate: Red Hat JBoss Web Server 31 Service Pack 6 security and bug fix update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat JBoss Web Server 31Red Hat Product Security has rated this release as having a security impactof Moderate A Common Vulnerabilit ...
Synopsis Moderate: Red Hat JBoss Web Server 31 Service Pack 6 security and bug fix update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat JBoss Web Server 31 for RHEL 6 and Red Hat JBoss Web Server 31 for RHEL 7Red Hat Product Security has rated this release as hav ...
Synopsis Important: pki-deps:106 security update Type/Severity Security Advisory: Important Topic An update for the pki-deps:106 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sy ...
Synopsis Important: Red Hat JBoss Web Server 50 Service Pack 1 security and bug fix update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Web Server 50 for RHEL 6 and Red Hat JBoss Web Server 50 for RHEL 7Red Hat Product Security has rated this release as h ...
When the default servlet in Apache Tomcat versions 7023 to 7090 returned a redirect to a directory (eg redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice(CVE-2018-11784 ) ...
Synopsis Important: Red Hat JBoss Web Server 50 Service Pack 1 security and bug fix update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Web Server 50 for RHEL 6 and Red Hat JBoss Web Server 50 for RHEL 7Red Hat Product Security has rated this release as h ...
When the default servlet in Apache Tomcat versions 900M1 to 9011, 850 to 8533 and 7023 to 7090 returned a redirect to a directory (eg redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice ...
When the default servlet in Apache Tomcat returned a redirect to a directory (eg redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice (CVE-2018-11784 ) When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in A ...
A vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products Apache Tomcat is used in the management GUI of the product The Command Line Interface is unaffected ...
Previous releases of IBM UrbanCode Deploy are affected by multiple vulnerabilities in Apache Tomcat ...
IBM WebSphere Cast Iron Solution has addressed the following vulnerabilities reported in Apache Tomcat v7 ...
When the default servlet in Apache Tomcat returned a redirect to a directory (eg redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice(CVE-2018-11784 ) ...
Oracle Solaris Third Party Bulletin - October 2018 Description The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critic ...
Oracle Critical Patch Update Advisory - January 2019 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previou ...

Github Repositories

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :

References

CWE-601http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.htmlhttp://www.securityfocus.com/bid/105524https://access.redhat.com/errata/RHSA-2019:0130https://access.redhat.com/errata/RHSA-2019:0131https://access.redhat.com/errata/RHSA-2019:0485https://access.redhat.com/errata/RHSA-2019:1529https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3Ehttps://lists.debian.org/debian-lts-announce/2018/10/msg00005.htmlhttps://lists.debian.org/debian-lts-announce/2018/10/msg00006.htmlhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZ4PX4B3QTKRM35VJAVIEOPZAF76RPBP/https://security.netapp.com/advisory/ntap-20181014-0002/https://usn.ubuntu.com/3787-1/https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttps://www.rapid7.com/db/vulnerabilities/suse-cve-2018-11784https://access.redhat.com/errata/RHSA-2019:0485https://usn.ubuntu.com/3787-1/https://nvd.nist.govhttps://tools.cisco.com/security/center/viewAlert.x?alertId=58973