Apache Tomcat Redirect Vulnerability
CVE-2018-11784 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo'), a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice.
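To check an inventory against the affected ranges listed above, the following is an added example (not code from the Apache Tomcat project or from this advisory). It assumes version strings in the `Apache Tomcat/x.y.z` banner form; the function names, host names and sample banners are hypothetical and constructed for illustration.

```python
import re

# Inclusive affected ranges, copied from the advisory text above.
AFFECTED_RANGES = [
    ("9.0.0.M1", "9.0.11"),
    ("8.5.0", "8.5.33"),
    ("7.0.23", "7.0.90"),
]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?")


def parse_version(text):
    """Turn '9.0.0.M1' or 'Apache Tomcat/8.5.33' into a sortable tuple."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Tomcat version found in {text!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    # Milestone builds precede the final release: 9.0.0.M27 < 9.0.0.
    stage = (0, int(m.group(4))) if m.group(4) else (1, 0)
    return (major, minor, patch) + stage


def affected_range(text):
    """Return the advisory range containing this version, or None.

    None means 'not in a range the advisory lists', not 'known safe':
    branches the advisory does not mention are outside its scope.
    """
    version = parse_version(text)
    for low, high in AFFECTED_RANGES:
        if parse_version(low) <= version <= parse_version(high):
            return (low, high)
    return None


# Constructed sample inventory (hypothetical hosts and banner strings).
SAMPLE_INVENTORY = {
    "app-01": "Apache Tomcat/9.0.0.M27",
    "app-02": "Apache Tomcat/9.0.12",
    "app-03": "Apache Tomcat/8.5.33",
    "app-04": "Apache Tomcat/7.0.22",
}

if __name__ == "__main__":
    for host, banner in SAMPLE_INVENTORY.items():
        hit = affected_range(banner)
        print(f"{host}: {banner} -> {'AFFECTED ' + '-'.join(hit) if hit else 'not listed'}")
```

Milestone builds such as 9.0.0.M27 sort before 9.0.0, so they fall inside the 9.0.0.M1 to 9.0.11 range even though a plain numeric comparison of the first three fields would not distinguish them.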