These are details on an open redirection vulnerability in Apache Tomcat version 9.0.0M1 that was discovered in 2018.
e374b72f534a0d9e0f9dad4d4370a5f0b3b70a15b8a074782e0503384eb02aabDebian Linux Security Advisory 4596-1 - Several issues were discovered in the Tomcat servlet and JSP engine, which could result in session fixation attacks, information disclosure, cross- site scripting, denial of service via resource exhaustion and insecure redirects.
6ebceaf0d89b2cfd7371e7b66dc4d0a44198b1bc2430ecc38e1dec0541185915Red Hat Security Advisory 2019-1529-01 - The Public Key Infrastructure Deps module contains fundamental packages required as dependencies for the pki-core module by Red Hat Certificate System. An open redirection vulnerability among other things have been addressed.
4a2fffd2cbeda76ca67676d661da96c81b540f4422fc1210b58c73920e0eb664Red Hat Security Advisory 2019-0485-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Issues addressed include an open redirection vulnerability.
91f1b324e189de936ad0d17d9e95359fa4e76f0de3a70f13e5ae827f41637af1Red Hat Security Advisory 2019-0131-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 5 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include open redirection and host name verification vulnerabilities.
d1fe1a8c5cb19911fbabc90a581032bd89b43ccfc6a45b1a54f70ec7927eac2bRed Hat Security Advisory 2019-0130-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 6 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include open redirection and host name verification.
8f28c3b3ab5ed27ee21f2c26919cb97ce6d5ec5b9cb9da6130e911d22acbecacUbuntu Security Notice 3787-1 - It was discovered that Tomcat incorrectly handled returning redirects to a directory. A remote attacker could possibly use this issue with a specially crafted URL to redirect to arbitrary URIs.
45be2d5a126cec79d3d3bfd4b9ca81d251cefa375c31302c5472f2304c932cba
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed