cpe:/a:apache:tomcat:7.0.23 cpe:/a:apache:tomcat:7.0.24 cpe:/a:apache:tomcat:7.0.25 cpe:/a:apache:tomcat:7.0.26 cpe:/a:apache:tomcat:7.0.27 cpe:/a:apache:tomcat:7.0.28 cpe:/a:apache:tomcat:7.0.29 cpe:/a:apache:tomcat:7.0.30 cpe:/a:apache:tomcat:7.0.31 cpe:/a:apache:tomcat:7.0.32 cpe:/a:apache:tomcat:7.0.33 cpe:/a:apache:tomcat:7.0.34 cpe:/a:apache:tomcat:7.0.35 cpe:/a:apache:tomcat:7.0.36 cpe:/a:apache:tomcat:7.0.37 cpe:/a:apache:tomcat:7.0.38 cpe:/a:apache:tomcat:7.0.39 cpe:/a:apache:tomcat:7.0.40 cpe:/a:apache:tomcat:7.0.41 cpe:/a:apache:tomcat:7.0.42 cpe:/a:apache:tomcat:7.0.43 cpe:/a:apache:tomcat:7.0.44 cpe:/a:apache:tomcat:7.0.45 cpe:/a:apache:tomcat:7.0.46 cpe:/a:apache:tomcat:7.0.47 cpe:/a:apache:tomcat:7.0.48 cpe:/a:apache:tomcat:7.0.49 cpe:/a:apache:tomcat:7.0.50 cpe:/a:apache:tomcat:7.0.51 cpe:/a:apache:tomcat:7.0.52 cpe:/a:apache:tomcat:7.0.53 cpe:/a:apache:tomcat:7.0.54 cpe:/a:apache:tomcat:7.0.55 cpe:/a:apache:tomcat:7.0.56 cpe:/a:apache:tomcat:7.0.57 cpe:/a:apache:tomcat:7.0.58 cpe:/a:apache:tomcat:7.0.59 cpe:/a:apache:tomcat:7.0.60 cpe:/a:apache:tomcat:7.0.61 cpe:/a:apache:tomcat:7.0.62 cpe:/a:apache:tomcat:7.0.63 cpe:/a:apache:tomcat:7.0.64 cpe:/a:apache:tomcat:7.0.65 cpe:/a:apache:tomcat:7.0.66 cpe:/a:apache:tomcat:7.0.67 cpe:/a:apache:tomcat:7.0.68 cpe:/a:apache:tomcat:7.0.69 cpe:/a:apache:tomcat:7.0.70 cpe:/a:apache:tomcat:7.0.71 cpe:/a:apache:tomcat:7.0.72 cpe:/a:apache:tomcat:7.0.73 cpe:/a:apache:tomcat:7.0.74 cpe:/a:apache:tomcat:7.0.75 cpe:/a:apache:tomcat:7.0.76 cpe:/a:apache:tomcat:7.0.77 cpe:/a:apache:tomcat:7.0.78 cpe:/a:apache:tomcat:7.0.79 cpe:/a:apache:tomcat:7.0.80 cpe:/a:apache:tomcat:7.0.81 cpe:/a:apache:tomcat:7.0.82 cpe:/a:apache:tomcat:7.0.83 cpe:/a:apache:tomcat:7.0.84 cpe:/a:apache:tomcat:7.0.85 cpe:/a:apache:tomcat:7.0.86 cpe:/a:apache:tomcat:7.0.87 cpe:/a:apache:tomcat:7.0.88 cpe:/a:apache:tomcat:7.0.89 cpe:/a:apache:tomcat:7.0.90 cpe:/a:apache:tomcat:8.5.0 cpe:/a:apache:tomcat:8.5.1 cpe:/a:apache:tomcat:8.5.2 
cpe:/a:apache:tomcat:8.5.3 cpe:/a:apache:tomcat:8.5.4 cpe:/a:apache:tomcat:8.5.5 cpe:/a:apache:tomcat:8.5.6 cpe:/a:apache:tomcat:8.5.7 cpe:/a:apache:tomcat:8.5.8 cpe:/a:apache:tomcat:8.5.9 cpe:/a:apache:tomcat:8.5.10 cpe:/a:apache:tomcat:8.5.11 cpe:/a:apache:tomcat:8.5.12 cpe:/a:apache:tomcat:8.5.13 cpe:/a:apache:tomcat:8.5.14 cpe:/a:apache:tomcat:8.5.15 cpe:/a:apache:tomcat:8.5.16 cpe:/a:apache:tomcat:8.5.17 cpe:/a:apache:tomcat:8.5.18 cpe:/a:apache:tomcat:8.5.19 cpe:/a:apache:tomcat:8.5.20 cpe:/a:apache:tomcat:8.5.21 cpe:/a:apache:tomcat:8.5.22 cpe:/a:apache:tomcat:8.5.23 cpe:/a:apache:tomcat:8.5.24 cpe:/a:apache:tomcat:8.5.25 cpe:/a:apache:tomcat:8.5.26 cpe:/a:apache:tomcat:8.5.27 cpe:/a:apache:tomcat:8.5.28 cpe:/a:apache:tomcat:8.5.29 cpe:/a:apache:tomcat:8.5.30 cpe:/a:apache:tomcat:8.5.31 cpe:/a:apache:tomcat:8.5.32 cpe:/a:apache:tomcat:8.5.33 cpe:/a:apache:tomcat:9.0.0 cpe:/a:apache:tomcat:9.0.0:m1 cpe:/a:apache:tomcat:9.0.0:m10 cpe:/a:apache:tomcat:9.0.0:m11 cpe:/a:apache:tomcat:9.0.0:m12 cpe:/a:apache:tomcat:9.0.0:m13 cpe:/a:apache:tomcat:9.0.0:m14 cpe:/a:apache:tomcat:9.0.0:m15 cpe:/a:apache:tomcat:9.0.0:m16 cpe:/a:apache:tomcat:9.0.0:m17 cpe:/a:apache:tomcat:9.0.0:m18 cpe:/a:apache:tomcat:9.0.0:m19 cpe:/a:apache:tomcat:9.0.0:m2 cpe:/a:apache:tomcat:9.0.0:m20 cpe:/a:apache:tomcat:9.0.0:m21 cpe:/a:apache:tomcat:9.0.0:m22 cpe:/a:apache:tomcat:9.0.0:m23 cpe:/a:apache:tomcat:9.0.0:m24 cpe:/a:apache:tomcat:9.0.0:m25 cpe:/a:apache:tomcat:9.0.0:m26 cpe:/a:apache:tomcat:9.0.0:m27 cpe:/a:apache:tomcat:9.0.0:m3 cpe:/a:apache:tomcat:9.0.0:m4 cpe:/a:apache:tomcat:9.0.0:m5 cpe:/a:apache:tomcat:9.0.0:m6 cpe:/a:apache:tomcat:9.0.0:m7 cpe:/a:apache:tomcat:9.0.0:m8 cpe:/a:apache:tomcat:9.0.0:m9 cpe:/a:apache:tomcat:9.0.1 cpe:/a:apache:tomcat:9.0.2 cpe:/a:apache:tomcat:9.0.3 cpe:/a:apache:tomcat:9.0.4 cpe:/a:apache:tomcat:9.0.5 cpe:/a:apache:tomcat:9.0.6 cpe:/a:apache:tomcat:9.0.7 cpe:/a:apache:tomcat:9.0.8 cpe:/a:apache:tomcat:9.0.9 cpe:/a:apache:tomcat:9.0.10 
cpe:/a:apache:tomcat:9.0.11 cpe:/a:netapp:snap_creator_framework:- cpe:/a:oracle:communications_application_session_controller:3.7.1 cpe:/a:oracle:communications_application_session_controller:3.8.0 cpe:/a:oracle:hospitality_guest_access:4.2.0 cpe:/a:oracle:hospitality_guest_access:4.2.1 cpe:/a:oracle:instantis_enterprisetrack:17.1 cpe:/a:oracle:instantis_enterprisetrack:17.2 cpe:/a:oracle:instantis_enterprisetrack:17.3 cpe:/a:oracle:retail_order_broker:5.1 cpe:/a:oracle:retail_order_broker:5.2 cpe:/a:oracle:retail_order_broker:15.0 cpe:/a:oracle:secure_global_desktop:5.4 cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~ cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~ cpe:/o:debian:debian_linux:8.0 cpe:/o:redhat:enterprise_linux_desktop:7.0 cpe:/o:redhat:enterprise_linux_server:7.0 cpe:/o:redhat:enterprise_linux_server:7.6 cpe:/o:redhat:enterprise_linux_server_aus:7.6 cpe:/o:redhat:enterprise_linux_server_eus:7.6 cpe:/o:redhat:enterprise_linux_server_tus:7.6 cpe:/o:redhat:enterprise_linux_workstation:7.0 CVE-2018-11784 2018-10-04T09:29:00.330-04:00 2019-06-11T18:29:01.967-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov BID 105524 FEDORA FEDORA-2018-b18f9dd65b REDHAT RHSA-2019:0130 REDHAT RHSA-2019:0131 REDHAT RHSA-2019:0485 REDHAT RHSA-2019:1529 UBUNTU USN-3787-1 MLIST [announce] 20181003 [SECURITY] CVE-2018-11784 Apache Tomcat - Open Redirect MLIST [debian-lts-announce] 20181014 [SECURITY] [DLA 1544-1] tomcat7 security update MLIST [debian-lts-announce] 20181015 [SECURITY] [DLA 1545-1] tomcat8 security update MLIST [tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ MLIST [tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ MLIST [tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ MLIST [tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ MLIST [tomcat-dev] 
20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ MLIST [tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/ MLIST [tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/ MLIST [tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/ MLIST [tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ MLIST [tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ MLIST [tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10284 CONFIRM https://security.netapp.com/advisory/ntap-20181014-0002/ MISC https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html CONFIRM https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html MISC https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html SUSE openSUSE-SU-2019:1547 SUSE openSUSE-SU-2019:1814 When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo'), a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice.