Apache Tomcat Server - Open Redirect (CVE-2018-11784)
- Severity
- CVSSv3 Score
- 4.3
- Exploitable with Sniper
- No
- Vulnerability description
Apache Tomcat Server is affected by an Open Redirect vulnerability located in the DefaultServlet class. The root cause is insufficient validation of the request URL, which lets an attacker craft redirect URLs that are built from the server's base URL.
- Risk description
A remote, unauthenticated attacker could exploit this vulnerability by crafting a misleading URL that redirects users to a website of the attacker's choosing in order to steal their confidential information.
- Recommendation
Upgrade Apache Tomcat Server to the latest version, or to a version equal to or higher than 7.0.91, 8.5.34 or 9.0.12, depending on the branch in use.
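As an added example (not part of this advisory), a small Python check that compares a reported Tomcat version string against the fixed releases listed above, so an inventory of servers can be triaged for upgrade; the host names and versions in the sample inventory are constructed.

```python
"""Triage Apache Tomcat versions against the fixed releases for CVE-2018-11784
(7.0.91, 8.5.34, 9.0.12), as given in the advisory above."""
import re

# Branch (major, minor) -> first release on that branch containing the fix.
FIXED_VERSIONS = {
    (7, 0): (7, 0, 91),
    (8, 5): (8, 5, 34),
    (9, 0): (9, 0, 12),
}


def parse_version(text):
    """Extract an x.y.z tuple from strings such as 'Apache Tomcat/8.5.33' or '9.0.0.M1'.
    A pre-release suffix (e.g. 'M1') is dropped; the numeric part alone already
    sorts below the final release with the same numbers."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(p) for p in m.groups())


def is_vulnerable(text):
    """True if the version is on a fixed branch but below the fix release,
    False if it is at or above the fix, None if the branch is not in the
    advisory's fix list (verify such hosts against vendor guidance)."""
    ver = parse_version(text)
    fixed = FIXED_VERSIONS.get(ver[:2])
    if fixed is None:
        return None
    return ver < fixed


def triage(inventory):
    """Return the hosts whose version is below the fix for their branch."""
    return sorted(host for host, ver in inventory.items() if is_vulnerable(ver))


# Constructed sample inventory: host -> version banner (hypothetical values).
SAMPLE_INVENTORY = {
    "app-01.example.test": "Apache Tomcat/8.5.33",
    "app-02.example.test": "Apache Tomcat/8.5.34",
    "app-03.example.test": "Apache Tomcat/9.0.0.M1",
    "app-04.example.test": "Apache Tomcat/7.0.91",
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} needs upgrade")
```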
- References
https://nvd.nist.gov/vuln/detail/CVE-2018-11784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11784
- Detectable with
- Network Scanner
- Vuln date
- Oct 2018
- Published at
- Updated at
- Software Type
- Web server
- Vendor
- Apache
- Product
- Tomcat
- Codename
- Not available