Apache Tomcat 9.0.x < 9.0.12 Open Redirect Weakness
Medium Nessus Network Monitor Plugin ID 700709
SynopsisThe remote web server is missing an Apache Tomcat patch update.
DescriptionThe version of Apache Tomcat installed on the remote host is version 9.0.x prior to 9.0.12. It is, therefore, affected by an open redirect vulnerability. When the default servlet returned a redirect to a directory (e.g. redirecting to /foo/ when the user requested /foo) a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.
SolutionUpdate to Apache Tomcat version 9.0.12 or later.