Apache Tomcat Open Redirect Vulnerability

Submitted on 4. October 2018 - 17:34 by Anonymous (not verified).
Last update on 18. August 2020 - 16:43.

IDs:

CVE-2018-11784

Keywords:

Tomcat, Open Redirect

Description:

The Apache Tomcat HTTP Server versions 7.0.91, 8.5.34, and 9.0.12 fix the open redirect vulnerability CVE-2018-11784. Using a specially crafted URL, an attacker can trick the web application running on Tomcat to redirect the user to a URL of the attacker's choice.

Back-ends behind Airlock WAF are not affected, as Airlock WAF prevents such URLs from being sent to the back-end's Tomcat server.
Airlock IAM is not affected: it is protected by Airlock WAF as described above.

Resolution:

no action required

Component:

Airlock

Airlock Vulnerability Status:

Does not affect Airlock

Back-end Vulnerability Status:

Does not affect back-end behind Airlock

Reference:

[1] Apache Tomcat 7.x vulnerabilities

[2] Apache Tomcat 8.x vulnerabilities

[3] Apache Tomcat 9.x vulnerabilities

Main menu

Navigation

User menu

You are here

Apache Tomcat Open Redirect Vulnerability

Main menu

Search form

Navigation

User menu

You are here

Apache Tomcat Open Redirect Vulnerability