CVE-2018-11784
Apache Tomcat < 7.0.90 - Open Redirect (severity: MEDIUM, source: Nuclei)
Title source: ruleDescription
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo'), a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice.
Exploits (3)
exploitdb
WORKING POC
by Central InfoSec · text · webapps · multiple
https://www.exploit-db.com/exploits/50118
github
WRITEUP
21 stars
by BlackFan · poc
https://github.com/BlackFan/CVE_PoCs/tree/master/CVE-2018-11784 (Apache Tomcat)
nomisec
SCANNER
by Cappricio-Securities · poc
https://github.com/Cappricio-Securities/CVE-2018-11784
Nuclei Templates (1)
Apache Tomcat - Open Redirect
MEDIUM · by geeknik
Shodan:
title:"Apache Tomcat" || http.title:"apache tomcat" || http.html:"apache tomcat" || cpe:"cpe:2.3:a:apache:tomcat"
FOFA:
body="apache tomcat" || title="apache tomcat"
References (39)
... and 19 more
Scores
CVSS v3
4.3
EPSS
0.8262
EPSS Percentile
99.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (23)
apache/tomcat
9.0.0 (28 CPE variants)
apache/tomcat
7.0.23 - 7.0.90
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
debian/debian_linux
8.0
netapp/snap_creator_framework
oracle/communications_application_session_controller
3.7.1
oracle/communications_application_session_controller
3.8.0
oracle/hospitality_guest_access
4.2.0
oracle/hospitality_guest_access
4.2.1
... and 13 more
Published
Oct 04, 2018
Tracked Since
Feb 18, 2026