CVE-2018-11784

MEDIUM

Description

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.

References

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html

http://www.securityfocus.com/bid/105524

https://access.redhat.com/errata/RHSA-2019:0130

https://access.redhat.com/errata/RHSA-2019:0131

https://access.redhat.com/errata/RHSA-2019:0485

https://access.redhat.com/errata/RHSA-2019:1529

https://kc.mcafee.com/corporate/index?page=content&id=SB10284

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cannounce.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.debian.org/debian-lts-announce/2018/10/msg00005.html

https://lists.debian.org/debian-lts-announce/2018/10/msg00006.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/BZ4PX4B3QTKRM35VJAVIEOPZAF76RPBP/

https://security.netapp.com/advisory/ntap-20181014-0002/

https://usn.ubuntu.com/3787-1/

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Details

Source: MITRE

Published: 2018-10-04

Updated: 2019-06-11

Type: CWE-601

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Impact Score: 1.4

Exploitability Score: 2.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from 7.0.23 to 7.0.90 (inclusive)

cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from 8.5.0 to 8.5.33 (inclusive)

cpe:2.3:a:apache:tomcat:9.0.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m1:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m10:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m11:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m12:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m13:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m14:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m15:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m16:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m17:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m18:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m19:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m2:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m20:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m21:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m22:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m23:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m24:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m25:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m26:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m27:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m3:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m4:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m5:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m6:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m7:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m8:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m9:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from 9.0.1 to 9.0.11 (inclusive)

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

Configuration 4

OR

cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 6

OR

cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*

Tenable Plugins

View all (40 total)

IDNameProductFamilySeverity
701334Apache Tomcat < 7.0.91 VulnerabilityNessus Network MonitorWeb Servers
medium
145683CentOS 8 : pki-deps:10.6 (CESA-2019:1529)NessusCentOS Local Security Checks
high
132427Debian DSA-4596-1 : tomcat8 - security updateNessusDebian Local Security Checks
high
130058Oracle Database Server Multiple Vulnerabilities (Oct 2019 CPU)NessusDatabases
high
129240EulerOS 2.0 SP3 : tomcat (EulerOS-SA-2019-2047)NessusHuawei Local Security Checks
medium
127734openSUSE Security Update : virtualbox (openSUSE-2019-1814)NessusSuSE Local Security Checks
medium
127594Oracle Linux 8 : pki-deps:10.6 (ELSA-2019-1529)NessusOracle Linux Local Security Checks
high
127250NewStart CGSL CORE 5.04 / MAIN 5.04 : tomcat Vulnerability (NS-SA-2019-0059)NessusNewStart CGSL Local Security Checks
medium
127009EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2019-1772)NessusHuawei Local Security Checks
medium
126030RHEL 8 : pki-deps:10.6 (RHSA-2019:1529)NessusRed Hat Local Security Checks
high
125844openSUSE Security Update : virtualbox (openSUSE-2019-1547)NessusSuSE Local Security Checks
medium
125529EulerOS 2.0 SP5 : tomcat (EulerOS-SA-2019-1602)NessusHuawei Local Security Checks
medium
125294Amazon Linux AMI : tomcat8 (ALAS-2019-1208)NessusAmazon Linux Local Security Checks
high
700709Apache Tomcat 9.0.x < 9.0.12 Open Redirect WeaknessNessus Network MonitorWeb Servers
medium
700696Apache Tomcat 8.5.x < 8.5.34 Open Redirect WeaknessNessus Network MonitorWeb Servers
medium
700681Apache Tomcat 7.0.x < 7.0.91 Open Redirect WeaknessNessus Network MonitorWeb Servers
medium
124170Oracle Primavera Unifier Multiple Vulnerabilities (Apr 2019 CPU)NessusCGI abuses
high
124169Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Multiple Vulnerabilities (Apr 2019 CPU)NessusCGI abuses
high
124127Amazon Linux 2 : tomcat (ALAS-2019-1192)NessusAmazon Linux Local Security Checks
medium
123395openSUSE Security Update : tomcat (openSUSE-2019-972)NessusSuSE Local Security Checks
medium
122953CentOS 7 : tomcat (CESA-2019:0485)NessusCentOS Local Security Checks
medium
122863Oracle Linux 7 : tomcat (ELSA-2019-0485)NessusOracle Linux Local Security Checks
medium
122846Scientific Linux Security Update : tomcat on SL7.x (noarch) (20190313)NessusScientific Linux Local Security Checks
medium
122841RHEL 7 : tomcat (RHSA-2019:0485)NessusRed Hat Local Security Checks
medium
121601Oracle Secure Global Desktop Multiple Vulnerabilities (January 2019 CPU)NessusMisc.
medium
121411openSUSE Security Update : virtualbox (openSUSE-2019-84)NessusSuSE Local Security Checks
medium
121325RHEL 6 / 7 : Red Hat JBoss Web Server 3.1 Service Pack 6 (RHSA-2019:0131)NessusRed Hat Local Security Checks
medium
119540openSUSE Security Update : tomcat (openSUSE-2018-1504)NessusSuSE Local Security Checks
medium
118803Amazon Linux AMI : tomcat7 (ALAS-2018-1099)NessusAmazon Linux Local Security Checks
medium
112316Apache Tomcat 8.5.0 < 8.5.34 Open RedirectWeb Application ScanningComponent Vulnerability
medium
112315Apache Tomcat 7.0.23 < 7.0.91 Open RedirectWeb Application ScanningComponent Vulnerability
medium
112313Apache Tomcat 9.0.0.M1 < 9.0.12 Open RedirectWeb Application ScanningComponent Vulnerability
medium
118446openSUSE Security Update : tomcat (openSUSE-2018-1276)NessusSuSE Local Security Checks
medium
118119Debian DLA-1545-1 : tomcat8 security updateNessusDebian Local Security Checks
medium
118096Debian DLA-1544-1 : tomcat7 security updateNessusDebian Local Security Checks
medium
118068Ubuntu 14.04 LTS / 16.04 LTS : Tomcat vulnerability (USN-3787-1)NessusUbuntu Local Security Checks
medium
118037Apache Tomcat 9.0.0.M1 < 9.0.12 Open Redirect WeaknessNessusWeb Servers
medium
118036Apache Tomcat 8.5.x < 8.5.34 Open Redirect WeaknessNessusWeb Servers
medium
118035Apache Tomcat 7.0.0 < 7.0.91 Open Redirect WeaknessNessusWeb Servers
medium
117912RHEL 6 / 7 : Red Hat JBoss Web Server 5.0 Service Pack 1 (RHSA-2018:2868)NessusRed Hat Local Security Checks
medium