IalexeyenkoJRASERVER-68073Update Tomcat to 8.5.34 to avoid CVE-2018-11784
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.83 High
EPSS
Percentile
98.4%
h4. Open redirect in default servletΒ [CVE-2018-11784|https://access.redhat.com/security/cve/cve-2018-11784]
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to β/foo/β when the user requested β/fooβ) a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.
Fixed versions:
-
>=9.0.12
-
>=8.5.34
-
>=7.0.91
Workaround:
{quote}Use mapperDirectoryRedirectEnabled=βtrueβ and mapperContextRootRedirectEnabled=βtrueβ on the Context to ensure that redirects are issued by the Mapper rather than the default Servlet. See the Context configuration documentation for further important details.
{quote}
| CPE | Name | Operator | Version |
|---|---|---|---|
| jira data center | le | 7.13.0 | |
| jira data center | le | 7.12.3 | |
| jira data center | lt | 7.13.2 | |
| jira data center | lt | 8.0.2 |
Related
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.83 High
EPSS
Percentile
98.4%