|Category:||Debian Local Security Checks|
|Title:||Debian LTS Advisory ([SECURITY] [DLA 1545-1] tomcat8 security update)|
|Summary:||Sergey Bobrov discovered that when the default servlet returned a redirect to a directory (e.g. redirecting to /foo/ when the user requested /foo) a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice.|
Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
specifications from Oracle, and provides a 'pure Java' HTTP web
server environment for Java code to run.
tomcat8 on Debian Linux
For Debian 8 'Jessie', this problem has been fixed in version
We recommend that you upgrade your tomcat8 packages.
Common Vulnerability Exposure (CVE) ID: CVE-2018-11784|
|Copyright||Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net|