Описание
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat BPM Suite 6 | tomcat | Not affected | ||
| Red Hat Enterprise Linux 6 | tomcat6 | Not affected | ||
| Red Hat Fuse 7 | tomcat | Not affected | ||
| Red Hat JBoss BRMS 5 | jbossweb | Not affected | ||
| Red Hat JBoss BRMS 6 | tomcat | Not affected | ||
| Red Hat JBoss Data Grid 6 | jbossweb | Out of support scope | ||
| Red Hat JBoss Data Grid 7 | tomcat | Not affected | ||
| Red Hat JBoss Data Virtualization 6 | jbossweb | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 5 | jbossweb | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 6 | jbossweb | Will not fix |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, ...
EPSS
5.3 Medium
CVSS3