
CVE - CVE-2018-11784 1/16/20, 2:32 PM

Common Vulnerabilities and Exposures

CVE-ID

CVE-2018-11784 Learn more at National Vulnerability Database (NVD)


• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information

Description
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g.
redirecting to '/foo/' when the user requested '/foo'), a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's
choice.

References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.

BID:105524
URL:http://www.securityfocus.com/bid/105524
BUGTRAQ:20191229 [SECURITY] [DSA 4596-1] tomcat8 security update
URL:https://seclists.org/bugtraq/2019/Dec/43
CONFIRM:https://kc.mcafee.com/corporate/index?page=content&id=SB10284
CONFIRM:https://security.netapp.com/advisory/ntap-20181014-0002/
CONFIRM:https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
DEBIAN:DSA-4596
URL:https://www.debian.org/security/2019/dsa-4596
FEDORA:FEDORA-2018-b18f9dd65b
URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZ4PX4B3QTKRM35VJAVIEOPZAF76RPBP/
MISC:https://www.oracle.com/security-alerts/cpujan2020.html
MISC:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
MLIST:[announce] 20181003 [SECURITY] CVE-2018-11784 Apache Tomcat - Open Redirect
URL:https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E
MLIST:[debian-lts-announce] 20181014 [SECURITY] [DLA 1544-1] tomcat7 security update
URL:https://lists.debian.org/debian-lts-announce/2018/10/msg00005.html
MLIST:[debian-lts-announce] 20181015 [SECURITY] [DLA 1545-1] tomcat8 security update
URL:https://lists.debian.org/debian-lts-announce/2018/10/msg00006.html
MLIST:[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
URL:https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
URL:https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
URL:https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
URL:https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
URL:https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/
URL:https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/
URL:https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/
URL:https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
URL:https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
URL:https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
URL:https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
REDHAT:RHSA-2019:0130

URL:https://access.redhat.com/errata/RHSA-2019:0130
REDHAT:RHSA-2019:0131
URL:https://access.redhat.com/errata/RHSA-2019:0131
REDHAT:RHSA-2019:0485
URL:https://access.redhat.com/errata/RHSA-2019:0485
REDHAT:RHSA-2019:1529
URL:https://access.redhat.com/errata/RHSA-2019:1529
SUSE:openSUSE-SU-2019:1547
URL:http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html
SUSE:openSUSE-SU-2019:1814
URL:http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html
UBUNTU:USN-3787-1
URL:https://usn.ubuntu.com/3787-1/

Assigning CNA
Apache Software Foundation

Date Entry Created


20180605

Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily
indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20180605)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.


http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11784
