www-announce mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject [SECURITY] CVE-2018-11784 Apache Tomcat - Open Redirect
Date Wed, 03 Oct 2018 19:49:45 GMT
CVE-2018-11784 Apache Tomcat - Open Redirect

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.11
Apache Tomcat 8.5.0 to 8.5.33
Apache Tomcat 7.0.23 to 7.0.90
The unsupported 8.0.x release line has not been analysed but is likely
to be affected.

Description:
When the default servlet returned a redirect to a directory (e.g.
redirecting to '/foo/' when the user requested '/foo') a specially
crafted URL could be used to cause the redirect to be generated to any
URI of the attackers choice.

Mitigation:
Users of the affected versions should apply one of the following
mitigations:
- Upgrade to Apache Tomcat 9.0.12 or later.
- Upgrade to Apache Tomcat 8.5.34 or later.
- Upgrade to Apache Tomcat 7.0.91 or later.
- Use mapperDirectoryRedirectEnabled="true" and
  mapperContextRootRedirectEnabled="true" on the Context to ensure that
  redirects are issued by the Mapper rather than the default Servlet.
  See the Context configuration documentation for further important
  details.

Credit:
This vulnerability was found by Sergey Bobrov and reported responsibly
to the Apache Tomcat Security Team.

History:
2018-10-03 Original advisory

References:
[1] http://tomcat.apache.org/security-9.html
[2] http://tomcat.apache.org/security-8.html
[3] http://tomcat.apache.org/security-7.html

Mime
View raw message