Apache Tomcat Redirect Vulnerability


CVE-2018-11784 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo'), a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice.
