CVE-2018-11784
Last modified
CVE-2018-11784 is a vulnerability of currently unknown severity. When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo'), a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice. EPSS estimates a 94.49% chance of exploitation in the next 30 days.
Description
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo'), a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice.
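As an added, defender-side example that is not part of this advisory or of Tomcat's own code: a Python check that classifies a directory redirect as benign only when its Location header stays on the expected host and points at the requested path plus a trailing slash. The host name app.example and the sample headers are constructed for illustration.

```python
"""Added example: verify that a '/foo' -> '/foo/' directory redirect
stays on the origin that served it. Not code from the advisory or Tomcat."""
from typing import Optional
from urllib.parse import urlsplit

REDIRECT_STATUSES = (301, 302, 303, 307, 308)


def redirect_host(location: str) -> Optional[str]:
    """Return the host a Location header sends the browser to, or None
    when the reference is relative to the current origin.
    A scheme-relative reference ('//host/path') is NOT same-origin: per
    RFC 3986 it keeps the scheme but replaces the authority."""
    return urlsplit(location.strip()).hostname


def is_safe_directory_redirect(requested_path: str, expected_host: str,
                               status: int, location: str) -> bool:
    """True only for the benign case: a redirect status, a target on the
    expected host (or origin-relative), and a path equal to the requested
    path with a trailing slash. Everything else is flagged for review."""
    if status not in REDIRECT_STATUSES:
        return False
    host = redirect_host(location)
    if host is not None and host.lower() != expected_host.lower():
        return False  # redirect leaves the expected origin
    path = urlsplit(location.strip()).path
    return path == requested_path.rstrip("/") + "/"


# Constructed sample responses, as a scanner or log-review job would see them:
# (requested path, expected host, status, Location header)
SAMPLES = [
    ("/foo", "app.example", 302, "/foo/"),                     # benign
    ("/foo", "app.example", 302, "http://app.example/foo/"),   # benign
    ("/foo", "app.example", 302, "//evil.example/foo/"),       # leaves origin
    ("/foo", "app.example", 302, "https://evil.example/foo/"), # leaves origin
]


def classify_samples() -> list:
    """Return (Location header, verdict) pairs for the constructed samples."""
    return [(loc, is_safe_directory_redirect(p, h, s, loc))
            for p, h, s, loc in SAMPLES]


if __name__ == "__main__":
    for loc, ok in classify_samples():
        print(f"{'OK   ' if ok else 'FLAG '} {loc}")
```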
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Tomcat | >= 7.0.23, <= 7.0.90 |
| Apache | Tomcat | >= 8.5.0, <= 8.5.33 |
| Apache | Tomcat | >= 9.0.1, <= 9.0.11 |
| Apache | Tomcat | 9.0.0 |
| Debian | Debian Linux | 8.0 |
| Canonical | Ubuntu Linux | 14.04 |
| Canonical | Ubuntu Linux | 16.04 |
| Netapp | Snap Creator Framework | All versions |
| Redhat | Enterprise Linux Desktop | 7.0 |
| Redhat | Enterprise Linux Server | 7.0 |
| Redhat | Enterprise Linux Server | 7.6 |
| Redhat | Enterprise Linux Server Aus | 7.6 |
| Redhat | Enterprise Linux Server Eus | 7.6 |
| Redhat | Enterprise Linux Server Tus | 7.6 |
| Redhat | Enterprise Linux Workstation | 7.0 |
| Oracle | Communications Application Session Controller | 3.7.1 |
| Oracle | Communications Application Session Controller | 3.8.0 |
| Oracle | Hospitality Guest Access | 4.2.0 |
| Oracle | Hospitality Guest Access | 4.2.1 |
| Oracle | Instantis Enterprisetrack | 17.1 |
| Oracle | Instantis Enterprisetrack | 17.2 |
| Oracle | Instantis Enterprisetrack | 17.3 |
| Oracle | Retail Order Broker | 5.1 |
| Oracle | Retail Order Broker | 5.2 |
| Oracle | Retail Order Broker | 15.0 |
| Oracle | Secure Global Desktop | 5.4 |
References
- http://www.securityfocus.com/bid/105524 (Third Party Advisory, VDB Entry)
- https://access.redhat.com/errata/RHSA-2019:0130 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2019:0131 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2019:0485 (Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2018/10/msg00005.html (Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2018/10/msg00006.html (Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20181014-0002/ (Third Party Advisory)
- https://usn.ubuntu.com/3787-1/ (Third Party Advisory)
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html (Patch, Third Party Advisory)
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html (Patch, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-11784?
How severe is CVE-2018-11784?
How do I fix CVE-2018-11784?
Are you affected by CVE-2018-11784?
Source: NVD / NIST
