When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to ‘/foo/’ when the user requested ‘/foo’) a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. (CVE-2018-11784)

Impact

An attacker may be able to craft a URL that could be used to redirect requests to a URI of the attackers choice.

kaspersky 1

nessus 35

amazon 3

ibm 17

osv 8

openvas 24

debian 3

oraclelinux 3

prion 1

redhatcve 1

nuclei 1

suse 5

zdt 1

veracode 2

ubuntu 1

debiancve 1

ubuntucve 1

cve 1

packetstorm 1

fedora 3

checkpoint_advisories 1

nvd 1

github 2

centos 1

redhat 6

atlassian 3

symantec 2

tomcat 3

cvelist 1

cisa 1

exploitdb 1

mageia 1

rocky 1

almalinux 1

hackerone 1

avleonov 1

oracle 6

kaspersky

KLA11327 SB vulnerability in Apache Tomcat

2018-10-03 00:00:00

nessus

EulerOS 2.0 SP5 : tomcat (EulerOS-SA-2019-1602)

2019-05-29 00:00:00

openSUSE Security Update : tomcat (openSUSE-2019-972)

2019-03-27 00:00:00

Oracle Linux 7 : tomcat (ELSA-2019-0485)

2019-03-15 00:00:00

amazon

Medium: tomcat

2019-04-04 22:00:00

Medium: tomcat7

2018-11-05 19:35:00

Important: tomcat8

2019-05-16 23:11:00

ibm

Security Bulletin: Vulnerability in Apache Tomcat affects IBM Platform Symphony

2021-07-02 02:32:33

Security Bulletin: IBM QRadar SIEM is vulnerable to Apache Tomcat Publicly disclosed vulnerability (CVE-2018-11784)

2019-03-05 18:10:01

Security Bulletin: Security vulnerabilities in Apache Tomcat affect multiple IBM Rational products based on IBM's Jazz technology

2021-04-28 18:35:50

osv

CVE-2018-11784

2018-10-04 13:29:00

Apache Tomcat Open Redirect vulnerability

2018-10-17 16:31:02

tomcat8 - security update

2018-10-15 00:00:00

openvas

Ubuntu: Security Advisory (USN-3787-1)

2018-10-11 00:00:00

openSUSE: Security Advisory for tomcat (openSUSE-SU-2018:4042-1)

2018-12-10 00:00:00

CentOS Update for tomcat CESA-2019:0485 centos7

2019-03-21 00:00:00

debian

[SECURITY] [DLA 1545-1] tomcat8 security update

2018-10-15 16:56:28

[SECURITY] [DLA 1544-1] tomcat7 security update

2018-10-14 20:43:08

[SECURITY] [DSA 4596-1] tomcat8 security update

2019-12-27 22:15:49

oraclelinux

tomcat security update

2019-03-13 00:00:00

pki-deps:10.6 security update

2019-07-30 00:00:00

tomcat security, bug fix, and enhancement update

2019-08-13 00:00:00

prion

Design/Logic Flaw

2018-10-04 13:29:00

redhatcve

CVE-2018-11784

2019-11-02 09:34:32

nuclei

Apache Tomcat - Open Redirect

2021-03-18 16:22:01

suse

Security update for tomcat (moderate)

2018-10-25 18:22:29

Security update for tomcat (moderate)

2018-12-08 00:21:25

Security update for virtualbox (important)

2019-01-25 00:00:00

zdt

Apache Tomcat 9.0.0.M1 - Open Redirect Vulnerability

2021-07-13 00:00:00

veracode

Open Redirection

2019-01-15 09:25:50

Open Redirection

2018-10-04 09:06:12

ubuntu

Tomcat vulnerability

2018-10-10 00:00:00

debiancve

CVE-2018-11784

2018-10-04 13:29:00

ubuntucve

CVE-2018-11784

2018-10-04 00:00:00

cve

CVE-2018-11784

2018-10-04 13:29:00

packetstorm

Apache Tomcat 9.0.0M1 Open Redirect

2021-07-11 00:00:00

fedora

[SECURITY] Fedora 29 Update: tomcat-9.0.13-1.fc29

2019-02-13 02:48:13

[SECURITY] Fedora 29 Update: tomcat-9.0.21-1.fc29

2019-07-04 02:51:06

[SECURITY] Fedora 28 Update: tomcat-8.5.35-1.fc28

2019-04-03 02:02:31

checkpoint_advisories

Apache Tomcat Default Servlet Open Redirect (CVE-2018-11784)

2019-02-19 00:00:00

nvd

CVE-2018-11784

2018-10-04 13:29:00

github

Apache Tomcat Open Redirect vulnerability

2018-10-17 16:31:02

Open Redirect

2022-03-18 17:55:07

centos

tomcat security update

2019-03-19 14:33:17

redhat

(RHSA-2019:0485) Moderate: tomcat security update

2019-03-12 08:24:45

(RHSA-2019:0131) Moderate: Red Hat JBoss Web Server 3.1 Service Pack 6 security and bug fix update

2019-01-22 13:28:13

(RHSA-2018:2868) Important: Red Hat JBoss Web Server 5.0 Service Pack 1 security and bug fix update

2018-10-03 13:41:48

atlassian

Update Tomcat to 8.5.34 to avoid CVE-2018-11784

2018-10-10 09:22:17

Update Tomcat to 8.5.34 to avoid CVE-2018-11784

2018-10-10 09:22:17

Upgrade to Tomcat 8.5.32 necessary

2018-08-01 09:33:53

symantec

Apache Tomcat CVE-2018-11784 Open Redirection Vulnerability

2018-10-03 00:00:00

Apache Tomcat Vulnerabilities Oct 2018 – Feb 2020

2020-05-12 19:02:01

tomcat

Fixed in Apache Tomcat 8.5.34

2018-09-10 00:00:00

Fixed in Apache Tomcat 7.0.91

2018-09-19 00:00:00

Fixed in Apache Tomcat 9.0.12

2018-09-10 00:00:00

cvelist

CVE-2018-11784

2018-10-03 00:00:00

cisa

Apache Releases Security Updates for Apache Tomcat

2018-10-04 00:00:00

exploitdb

Apache Tomcat 9.0.0.M1 - Open Redirect

2021-07-13 00:00:00

mageia

Updated tomcat packages fix security vulnerabilities

2018-12-10 00:20:39

rocky

pki-deps:10.6 security update

2019-06-18 16:36:21

almalinux

Important: pki-deps:10.6 security update

2019-06-18 16:36:21

hackerone

U.S. Dept Of Defense: Tomcat examples available for public, Disclosure Apache Tomcat version, Critical/High/Medium CVE

2020-05-14 19:38:44

avleonov

Last Week’s Security news: Exploits for ForgeRock, vSphere, Apache Tomcat, new Print Spooler vuln, Kaseya Patch and REvil, SolarWinds, Schneider Electric, Bulletins

2021-07-19 16:29:00

oracle

Oracle Critical Patch Update Advisory - January 2019

2019-01-15 00:00:00

Oracle Critical Patch Update Advisory - October 2019

2020-01-22 00:00:00

Oracle Critical Patch Update Advisory - July 2019

2019-07-16 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

AI Score

5.1

Confidence

High

EPSS

0.784

Percentile

98.3%

JSON

Related for F5:K64921482