Apache Tomcat is prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input.
An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible.
Versions prior to Apache Tomcat 9.0.12, 8.5.34, and 7.0.91 are vulnerable.
Information
Apache Tomcat 9.0.10
Apache Tomcat 9.0.9
Apache Tomcat 9.0.8
Apache Tomcat 9.0.7
Apache Tomcat 9.0.5
Apache Tomcat 9.0.4
Apache Tomcat 9.0.1
Apache Tomcat 8.5.32
Apache Tomcat 8.5.31
Apache Tomcat 8.5.28
Apache Tomcat 8.5.27
Apache Tomcat 8.5.23
Apache Tomcat 8.5.16
Apache Tomcat 8.5.15
Apache Tomcat 8.5.14
Apache Tomcat 8.5.13
Apache Tomcat 8.5.12
Apache Tomcat 8.5.11
Apache Tomcat 8.5.9
Apache Tomcat 8.5.8
Apache Tomcat 8.5.7
Apache Tomcat 8.5.6
Apache Tomcat 8.5.5
Apache Tomcat 8.5.4
Apache Tomcat 8.5.1
Apache Tomcat 7.0.90
Apache Tomcat 7.0.89
Apache Tomcat 7.0.88
Apache Tomcat 7.0.86
Apache Tomcat 7.0.85
Apache Tomcat 7.0.84
Apache Tomcat 7.0.82
Apache Tomcat 7.0.81
Apache Tomcat 7.0.80
Apache Tomcat 7.0.79
Apache Tomcat 7.0.78
Apache Tomcat 7.0.77
Apache Tomcat 7.0.76
Apache Tomcat 7.0.75
Apache Tomcat 7.0.74
Apache Tomcat 7.0.73
Apache Tomcat 7.0.72
Apache Tomcat 7.0.70
Apache Tomcat 7.0.69
Apache Tomcat 7.0.67
Apache Tomcat 7.0.65
Apache Tomcat 7.0.60
Apache Tomcat 7.0.59
Apache Tomcat 7.0.57
Apache Tomcat 7.0.54
Apache Tomcat 7.0.53
Apache Tomcat 7.0.50
Apache Tomcat 7.0.33
Apache Tomcat 7.0.32
Apache Tomcat 7.0.31
Apache Tomcat 7.0.30
Apache Tomcat 7.0.29
Apache Tomcat 7.0.28
Apache Tomcat 7.0.27
Apache Tomcat 7.0.26
Apache Tomcat 7.0.25
Apache Tomcat 7.0.24
Apache Tomcat 7.0.23
Apache Tomcat 7.0.17
Apache Tomcat 7.0.16
Apache Tomcat 7.0.15
Apache Tomcat 7.0.14
Apache Tomcat 7.0.13
Apache Tomcat 7.0.12
Apache Tomcat 7.0.9
Apache Tomcat 7.0.8
Apache Tomcat 7.0.7
Apache Tomcat 7.0.6
Apache Tomcat 7.0.4
Apache Tomcat 7.0.3
Apache Tomcat 7.0.2
Apache Tomcat 7.0.1
Apache Tomcat 7.0
Apache Tomcat 9.0.0M8
Apache Tomcat 9.0.0M6
Apache Tomcat 9.0.0.M9
Apache Tomcat 9.0.0.M7
Apache Tomcat 9.0.0.M5
Apache Tomcat 9.0.0.M4
Apache Tomcat 9.0.0.M3
Apache Tomcat 9.0.0.M22
Apache Tomcat 9.0.0.M21
Apache Tomcat 9.0.0.M20
Apache Tomcat 9.0.0.M2
Apache Tomcat 9.0.0.M19
Apache Tomcat 9.0.0.M18
Apache Tomcat 9.0.0.M17
Apache Tomcat 9.0.0.M15
Apache Tomcat 9.0.0.M13
Apache Tomcat 9.0.0.M12
Apache Tomcat 9.0.0.M11
Apache Tomcat 9.0.0.M10
Apache Tomcat 8.5.30
Apache Tomcat 8.5.3
Apache Tomcat 8.5.2
Apache Tomcat 8.5.0
Apache Tomcat 7.0.68
Apache Tomcat 7.0.55
Apache Tomcat 7.0.5
Apache Tomcat 7.0.49
Apache Tomcat 7.0.48
Apache Tomcat 7.0.47
Apache Tomcat 7.0.46
Apache Tomcat 7.0.45
Apache Tomcat 7.0.44
Apache Tomcat 7.0.43
Apache Tomcat 7.0.42
Apache Tomcat 7.0.41
Apache Tomcat 7.0.40
Apache Tomcat 7.0.4 Beta
Apache Tomcat 7.0.39
Apache Tomcat 7.0.38
Apache Tomcat 7.0.37
Apache Tomcat 7.0.36
Apache Tomcat 7.0.35
Apache Tomcat 7.0.34
Apache Tomcat 7.0.22
Apache Tomcat 7.0.21
Apache Tomcat 7.0.20
Apache Tomcat 7.0.19
Apache Tomcat 7.0.18
Apache Tomcat 7.0.11
Apache Tomcat 7.0.10
Apache Tomcat 8.5.34
Apache Tomcat 7.0.91
Exploit
An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.
References:
- [SECURITY] CVE-2018-11784 Apache Tomcat - Open Redirect (Apache)
- Apache Tomcat Homepage (Apache)
- Bug 1636512 - (CVE-2018-11784) CVE-2018-11784 tomcat: Open redirect in default s (Red Hat Bugzilla)
- CVE-2018-11784 (Red Hat Bugzilla)