Threat Encyclopedia

Apache.Tomcat.DefaultServlet.Open.Redirect

Description

This indicates an attack attempt to exploit an Open Redirect vulnerability in Apache Tomcat.
The vulnerability is due to insufficient sanitizing of the request URI in the default servlet. When a directory is requested without a trailing slash (for example /foo instead of /foo/), the default servlet issues a redirect whose Location value is built from the raw request URI plus a trailing slash. A crafted URI that begins with two slashes therefore produces a scheme-relative Location header (//host/...), which the browser resolves against the attacker-chosen host instead of the Tomcat server. An attacker can exploit this by tricking an unsuspecting user into opening a crafted URL, redirecting the user to an attacker-controlled site and enabling further attacks such as phishing.
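The following is an added example and not code from the original page or from the Tomcat project: it models in Python the redirect behaviour described above, with the unpatched construction of the Location header beside a hardened version that collapses leading slashes (the approach I understand the upstream fix to have taken; treated here as an assumption, not quoted Tomcat source), shows with RFC 3986 reference resolution where a browser lands in each case, and finishes with a check over constructed access-log lines for the request shape this signature targets. The directory set, the hostnames, the crafted path and the log lines are all constructed for illustration; `mapped_path` is a simplified model of container path normalization, not Tomcat's own routine.

```python
import re
from urllib.parse import urljoin, urlsplit

# Constructed deployment model: the default Tomcat install ships a "docs"
# directory under the ROOT context, which is the directory the example asks for.
DIRECTORIES = {"/docs", "/examples"}
SITE = "http://victim.example"  # constructed hostname


def mapped_path(request_uri: str) -> str:
    """Toy model of the normalization a servlet container applies to a request
    path before mapping it (collapse repeated slashes, resolve '.' and '..').
    This is a simplified assumption, not Tomcat's own normalize() routine."""
    out = []
    for seg in request_uri.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not out:
                raise ValueError("path escapes the context root")
            out.pop()
        else:
            out.append(seg)
    return "/" + "/".join(out)


def directory_redirect_location(request_uri: str, query: str = "", patched: bool = False):
    """Return the Location header a directory request would produce, or None
    when no redirect is issued. The unpatched branch models the behaviour the
    advisory describes (Location built from the raw request URI plus '/');
    the patched branch adds a leading-slash collapse so the value can never
    be read as a scheme-relative URL. Both are paraphrases, not Tomcat source."""
    if request_uri.endswith("/") or mapped_path(request_uri) not in DIRECTORIES:
        return None
    location = request_uri + "/"
    if query:
        location += "?" + query
    if patched:
        # "//evil.example/..." -> "/evil.example/...": stays on this host
        while len(location) > 1 and location[1] == "/":
            location = location[1:]
    return location


def browser_destination(current_url: str, location: str) -> str:
    """Absolute URL a browser lands on after following Location (RFC 3986
    reference resolution, so '//host/path' keeps only the scheme)."""
    return urljoin(current_url, location)


def redirect_leaves_site(request_uri: str, patched: bool) -> bool:
    """True when the redirect for request_uri sends the browser off-site."""
    location = directory_redirect_location(request_uri, patched=patched)
    if location is None:
        return False
    landed = browser_destination(SITE + request_uri, location)
    return urlsplit(landed).netloc != urlsplit(SITE).netloc


# Constructed access-log lines in Tomcat's common log format; the second one
# is the request shape this signature is meant to catch.
SAMPLE_ACCESS_LOG = [
    '10.0.0.5 - - [01/Oct/2018:10:00:00 +0000] "GET /docs HTTP/1.1" 302 -',
    '10.0.0.9 - - [01/Oct/2018:10:00:01 +0000] "GET //evil.example/../docs HTTP/1.1" 302 -',
    '10.0.0.9 - - [01/Oct/2018:10:00:02 +0000] "GET /docs/ HTTP/1.1" 200 19217',
]

REQUEST_LINE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/')


def suspicious_requests(log_lines):
    """Request targets that begin with '//' and so could yield a
    scheme-relative redirect from an unpatched default servlet."""
    hits = []
    for line in log_lines:
        m = REQUEST_LINE.search(line)
        if m and m.group(1).startswith("//"):
            hits.append(m.group(1))
    return hits


if __name__ == "__main__":
    crafted = "//evil.example/../docs"  # constructed: normalizes to /docs for mapping
    print("mapped path:        ", mapped_path(crafted))                              # /docs
    print("unpatched Location: ", directory_redirect_location(crafted))              # //evil.example/../docs/
    print("patched Location:   ", directory_redirect_location(crafted, patched=True))  # /evil.example/../docs/
    print("leaves site, unpatched:", redirect_leaves_site(crafted, patched=False))   # True
    print("leaves site, patched:  ", redirect_leaves_site(crafted, patched=True))    # False
    print("suspicious log entries:", suspicious_requests(SAMPLE_ACCESS_LOG))
```

The point the model makes explicit is the mismatch between the two views of the same request: the mapping layer normalizes the path and finds a real directory, while the redirect is assembled from the un-normalized URI, so the doubled leading slash survives into the Location header. A practical check against a live instance is therefore to request an existing directory through a URI that starts with `//` and inspect whether the 302 Location begins with `//` rather than `/`.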

Affected Products

Apache Software Foundation Tomcat 7.0.23 to 7.0.90
Apache Software Foundation Tomcat 8.5.0 to 8.5.33
Apache Software Foundation Tomcat 9.0.0.M1 to 9.0.11

Impact

System Compromise: Remote attackers redirect users from a trusted Tomcat host to attacker-controlled websites, tricking them into disclosing sensitive information (for example credentials entered on a phishing page that appears to have been reached via a legitimate link) or into downloading and running malicious content, which can lead to a system compromise.

Recommended Actions

Upgrade to a release that fixes the issue (Apache Tomcat 9.0.12, 8.5.34 or 7.0.91, or later in the respective branch). Refer to the vendor's security advisories for the affected branches:
http://tomcat.apache.org/security-9.html
http://tomcat.apache.org/security-8.html
http://tomcat.apache.org/security-7.html

CVE References

CVE-2018-11784
