CVE-2018-11784

Severity: MEDIUM · Nuclei template available

Apache Tomcat 7.0.23-7.0.90, 8.5.0-8.5.33, 9.0.0.M1-9.0.11 - Open Redirect via Default Servlet

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2018-11784. PoCs published by Central InfoSec, BlackFan, Cappricio-Securities. A Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit demonstrates an open redirect vulnerability in Apache Tomcat by manipulating URLs with leading slashes. The PoC shows how a crafted URL can redirect users to unintended domains due to improper path handling.

Description

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo'), a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice.

Exploits (3)

exploitdb · WORKING POC
by Central InfoSec · text/webapps/multiple
https://www.exploit-db.com/exploits/50118

This exploit demonstrates an open redirect vulnerability in Apache Tomcat by manipulating URLs with leading slashes. The PoC shows how a crafted URL can redirect users to unintended domains due to improper path handling.

Classification: Working PoC (90%)
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: Apache Tomcat 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33, and 7.0.23 to 7.0.90
Authentication: none needed
Prerequisites: Access to a vulnerable Apache Tomcat instance
Analyzed by devstral-2 on Feb 16, 2026
github · WRITEUP · 21 stars
by BlackFan · poc
https://github.com/BlackFan/CVE_PoCs/tree/master/CVE-2018-11784 (Apache Tomcat)

The repository provides a technical description of CVE-2018-11784, an open redirect vulnerability in Apache Tomcat. It includes example URLs demonstrating the exploit but lacks functional exploit code.

Classification: Writeup (90%)
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: Apache Tomcat 7.0.23 to 7.0.90, 8.5.0 to 8.5.33, 9.0.0.M1 to 9.0.11
Authentication: none needed
Prerequisites: Access to a vulnerable Apache Tomcat instance
Analyzed by devstral-2 on Feb 27, 2026
nomisec · SCANNER
by Cappricio-Securities · poc
https://github.com/Cappricio-Securities/CVE-2018-11784

This repository contains a Python-based scanner for detecting CVE-2018-11784, an open redirect vulnerability in Apache Tomcat. The tool checks for vulnerable endpoints and supports Telegram notifications for detected vulnerabilities.

Classification: Scanner (90%)
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: Apache Tomcat
Authentication: none needed
Prerequisites: Python3 · pip · target URLs
Analyzed by devstral-2 on Feb 16, 2026

Nuclei Templates (1)

Apache Tomcat - Open Redirect
MEDIUM · by geeknik
Shodan: title:"Apache Tomcat" || http.title:"apache tomcat" || http.html:"apache tomcat" || cpe:"cpe:2.3:a:apache:tomcat"
FOFA: body="apache tomcat" || title="apache tomcat"

References (39)

Core References (39)
https://security.netapp.com/advisory/ntap-20181014-0002/ (Third Party Advisory; x_refsource_confirm)
http://www.securityfocus.com/bid/105524 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_bid)
https://access.redhat.com/errata/RHSA-2019:0131 (Third Party Advisory; vendor-advisory, x_refsource_redhat)
https://access.redhat.com/errata/RHSA-2019:0485 (Third Party Advisory; vendor-advisory, x_refsource_redhat)
https://access.redhat.com/errata/RHSA-2019:0130 (Third Party Advisory; vendor-advisory, x_refsource_redhat)
https://lists.debian.org/debian-lts-announce/2018/10/msg00005.html (Third Party Advisory; mailing-list, x_refsource_mlist)
https://usn.ubuntu.com/3787-1/ (Third Party Advisory; vendor-advisory, x_refsource_ubuntu)
https://lists.debian.org/debian-lts-announce/2018/10/msg00006.html (Third Party Advisory; mailing-list, x_refsource_mlist)
https://access.redhat.com/errata/RHSA-2019:1529 (Vendor Advisory; vendor-advisory, x_refsource_redhat)
https://www.debian.org/security/2019/dsa-4596 (Third Party Advisory; vendor-advisory, x_refsource_debian)
https://seclists.org/bugtraq/2019/Dec/43 (Mailing List; mailing-list, x_refsource_bugtraq)

Scores

CVSS v3: 4.3
EPSS: 0.8262
EPSS Percentile: 99.3%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE: CWE-601
Status: published
Products (23):
apache/tomcat 9.0.0 (28 CPE variants)
apache/tomcat 7.0.23 - 7.0.90
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
debian/debian_linux 8.0
netapp/snap_creator_framework
oracle/communications_application_session_controller 3.7.1
oracle/communications_application_session_controller 3.8.0
oracle/hospitality_guest_access 4.2.0
oracle/hospitality_guest_access 4.2.1
... and 13 more
Published: Oct 04, 2018
Tracked Since: Feb 18, 2026