Apache Tomcat URL Redirection to Untrusted Site (Open Redirect) Vulnerability - CVE-2018-11784 - Vulnerability Database

Medium
Reference: CVE-2018-11784
Title: Apache Tomcat URL Redirection to Untrusted Site (Open Redirect) Vulnerability
Overview:

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo'), a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice.