CVE-2018-11784 Scanner

Apache Tomcat is a web server application that is widely used to host and manage web pages and applications. Tomcat is an open-source software that is known for its reliability, flexibility, and scalability. The software serves as a trusted platform for developing and deploying Java-based applications in enterprises. Tomcat is preferred by developers as it provides an advanced development environment that enables the creation of complex web applications with ease. 

One of the security vulnerabilities that were detected in Apache Tomcat is CVE-2018-11784. This vulnerability is present in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33, and 7.0.23 to 7.0.90. The vulnerability allows attackers to bypass the intended redirect URL and redirect users to an arbitrary URL of their choice. This vulnerability can be exploited by sending a specially crafted URL to the targeted server that would indicate the server to redirect users to a manipulated URL.

If the CVE-2018-11784 vulnerability is exploited, an attacker can redirect the user to a website or page containing malicious content. This can lead to the user's system being compromised, and the attacker can take control of the target system. Once the attacker gains control of the system, they can steal sensitive data, install malware, and conduct other malicious activities that can adversely impact the user's system.

At securityforeveryone.com, we offer unique and advanced cybersecurity services that can help protect digital assets from vulnerabilities such as CVE-2018-11784. Our sophisticated tools, combined with expert knowledge, enable us to help our clients detect and mitigate cyber threats quickly and effectively. By using our platform, individuals and organizations can get a comprehensive overview of their security posture and take proactive measures to ensure that their digital assets remain secure. With securityforeveryone.com, you can have peace of mind knowing that your digital assets are protected against cyber threats.

REFERENCES

• http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html
• http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html
• http://www.securityfocus.com/bid/105524
• https://access.redhat.com/errata/RHSA-2019:0130
• https://access.redhat.com/errata/RHSA-2019:0131
• https://access.redhat.com/errata/RHSA-2019:0485
• https://access.redhat.com/errata/RHSA-2019:1529
• https://kc.mcafee.com/corporate/index?page=content&id=SB10284
• https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E
• https://lists.debian.org/debian-lts-announce/2018/10/msg00005.html
• https://lists.debian.org/debian-lts-announce/2018/10/msg00006.html
• https://lists.fedoraproject.org/archives/list/[email protected]/message/BZ4PX4B3QTKRM35VJAVIEOPZAF76RPBP/
• https://seclists.org/bugtraq/2019/Dec/43
• https://security.netapp.com/advisory/ntap-20181014-0002/
• https://usn.ubuntu.com/3787-1/
• https://www.debian.org/security/2019/dsa-4596
• https://www.oracle.com/security-alerts/cpuapr2020.html
• https://www.oracle.com/security-alerts/cpujan2020.html
• https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
• https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
• https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
• https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html