CVE-2018-11784

Priority
Description
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11,
8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory
(e.g. redirecting to '/foo/' when the user requested '/foo') a specially
crafted URL could be used to cause the redirect to be generated to any URI
of the attacker's choice.
Assigned-to
mdeslaur
Notes
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):needed
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:released (7.0.91)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (7.0.52-1ubuntu0.16)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Patches:
Upstream:http://svn.apache.org/viewvc?view=revision&revision=1840057
Package
Upstream:released (8.5.34)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (8.0.32-1ubuntu1.8)
Ubuntu 18.04 LTS (Bionic Beaver):released (8.5.39-1ubuntu1~18.04.1)
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Patches:
Upstream:http://svn.apache.org/viewvc?view=revision&revision=1840056
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
More Information

Updated: 2020-01-29 18:51:31 UTC (commit 40f18bf14da5fb50662e1f861ea594a462b207fe)