Apache Tomcat Open Redirect Vulnerability

IDs: 
CVE-2018-11784
Keywords: 
Tomcat, Open Redirect
Description: 

Apache Tomcat HTTP Server versions 7.0.91, 8.5.34, and 9.0.12 fix the open redirect vulnerability CVE-2018-11784. Using a specially crafted URL, an attacker can trick a web application running on Tomcat into redirecting the user to a URL of the attacker's choice.

  • Back-ends behind Airlock WAF are not affected, as Airlock WAF prevents such URLs from being sent to the back-end's Tomcat server.
  • Airlock IAM is not affected: it is protected by Airlock WAF as described above.
Resolution: 

No action required.

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
Does not affect back-end behind Airlock