Threat Encyclopedia



This indicates an attack attempt to exploit an Open Redirect vulnerability in Apache Tomcat.
The vulnerability is due to insufficient sanitizing of user-supplied inputs in the application. An attacker can exploit this by tricking an unsuspecting user into opening a crafted URL, leading to further attacks.

Affected Products

Apache Software Foundation Tomcat 7.0.23 to 7.0.90
Apache Software Foundation Tomcat 8.5.0 to 8.5.33
Apache Software Foundation Tomcat 9.0.0.M1 to 9.0.11
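
The following added example (not part of the original advisory or of any vendor tooling) checks Tomcat version strings against the three ranges listed above, treating milestone builds such as 9.0.0.M1 as earlier than the corresponding final release. The host names, the banner format `Apache Tomcat/<version>` and all function names are assumptions made for illustration.

```python
import re

# Affected ranges exactly as listed in this advisory (inclusive bounds).
AFFECTED_RANGES = [
    ("7.0.23", "7.0.90"),
    ("8.5.0", "8.5.33"),
    ("9.0.0.M1", "9.0.11"),
]
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")


def parse_version(text):
    """Turn '9.0.0.M1' or 'Apache Tomcat/8.5.33' into a sortable tuple.

    Milestones (.M<n>) sort before the final release of the same x.y.z.
    """
    candidate = text.strip().rsplit("/", 1)[-1]  # drop an assumed 'name/' prefix
    match = _VERSION_RE.match(candidate)
    if not match:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = match.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def is_affected(version):
    """True when the version lies inside one of the advisory's ranges."""
    key = parse_version(version)
    return any(parse_version(lo) <= key <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def triage(inventory):
    """Map each host to 'affected', 'not listed' or 'unparsed'."""
    result = {}
    for host, banner in inventory.items():
        try:
            result[host] = "affected" if is_affected(banner) else "not listed"
        except ValueError:
            result[host] = "unparsed"  # needs manual review
    return result


# Constructed inventory for illustration; hosts and versions are made up.
SAMPLE_INVENTORY = {"app01": "Apache Tomcat/7.0.22", "app02": "8.5.33",
                    "app03": "9.0.0.M1", "app04": "9.0.12", "app05": "unknown"}
print(triage(SAMPLE_INVENTORY))
```

"not listed" means only that the version falls outside the ranges on this page; versions the advisory does not mention are not thereby confirmed safe.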

Impact

System Compromise: Remote attackers can redirect users to attacker-controlled websites, tricking them into disclosing sensitive information or executing arbitrary code, leading to a system compromise.

Recommended Actions

Refer to the vendor's advisory of the vulnerable versions for updates:

CVE References

