CVE-2018-11784 (Medium) detected in tomcat-catalina-8.0.14.jar - autoclosed #197
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-for-jackfan.us.kg
bot
added
the
Mend: dependency security vulnerability
1 task
mend-for-jackfan.us.kg
bot
changed the title
mend-for-jackfan.us.kg
bot
changed the title
mend-for-jackfan.us.kg
bot
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2018-11784 - Medium Severity Vulnerability
Tomcat Servlet Engine Core Classes and Standard implementations
Path to dependency file: /dd-java-agent/instrumentation/classloading/tomcat-testing/tomcat-testing.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.apache.tomcat/tomcat-catalina/8.0.14/1ab50f40dba33c2f2ec99a160fd00e739f36b24b/tomcat-catalina-8.0.14.jar
Dependency Hierarchy:
Found in HEAD commit: 2819174635979a19573ec0ce8e3e2b63a3848079
Found in base branch: master
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.
Publish Date: 2018-10-04
URL: CVE-2018-11784
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11784
Release Date: 2018-10-03
Fix Resolution: 8.5.34
⛑️ Automatic Remediation is available for this issue
The text was updated successfully, but these errors were encountered: