CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS
Percentile
98.3%
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11,
8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory
(e.g. redirecting to ‘/foo/’ when the user requested ‘/foo’) a specially
crafted URL could be used to cause the redirect to be generated to any URI
of the attackers choice.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | tomcat6 | < any | UNKNOWN |
ubuntu | 16.04 | noarch | tomcat6 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | tomcat7 | < any | UNKNOWN |
ubuntu | 14.04 | noarch | tomcat7 | < 7.0.52-1ubuntu0.16 | UNKNOWN |
ubuntu | 16.04 | noarch | tomcat7 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | tomcat8 | < 8.5.39-1ubuntu1~18.04.1 | UNKNOWN |
ubuntu | 18.10 | noarch | tomcat8 | < 8.5.39-1ubuntu1~18.10 | UNKNOWN |
ubuntu | 16.04 | noarch | tomcat8 | < 8.0.32-1ubuntu1.8 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2018-11784
lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2018-11784
security-tracker.debian.org/tracker/CVE-2018-11784
ubuntu.com/security/notices/USN-3787-1
www.cve.org/CVERecord?id=CVE-2018-11784
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS
Percentile
98.3%