You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2022/04/26 16:27:19 UTC

[Bug 66032] New: Tomcat 8.5.61 vulnerable to CVE-2018-11784

https://bz.apache.org/bugzilla/show_bug.cgi?id=66032

            Bug ID: 66032
           Summary: Tomcat 8.5.61 vulnerable to CVE-2018-11784
           Product: Tomcat 8
           Version: 8.5.61
          Hardware: HP
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: cristian.cervi@nexigroup.com
  Target Milestone: ----

Hello,
we upgraded our Tomcat version from 7.0.78 prior to 7.0.96 and then to 8.5.61
because we know that those releases were not affected by vulnerability
CVE-2018-11784, in fact, CVE says:

"When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0
to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g.
redirecting to '/foo/' when the user requested '/foo') a specially crafted URL
could be used to cause the redirect to be generated to any URI of the attackers
choice.
"

but, after both the upgrades, the vulnerability was re-checked and the company
which scans our applications says that it is still present.

We run Tomcat 8.5.61 on RHV virtual machines with Red Hat Enterprise Linux
Server release 7.3 (Maipo) kernel 3.10.0-514.26.2.el7.x86_64.

Are anyone aware of this issue? Do we do anything wrong?

Thanks in advance,
cristian

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 66032] Tomcat 8.5.61 vulnerable to CVE-2018-11784

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=66032

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
             Status|NEW                         |RESOLVED

--- Comment #3 from Mark Thomas <ma...@apache.org> ---
I have confirmed that CVE-2018-11784 is fixed in Tomcat 8.5.61 and is still
present in 8.5.33 (built from source and retested the original reproducer).

If you can reproduce this issue on a clean installation of Apache Tomcat from
the ASF using a version that CVE-2018-11784 states contains the fix then you
should report that PRIVATELY to security@tomcat.apache.org and include the full
set of steps to recreate the issue from a clean install.

Note: CVE-2018-11784 can be reproduced with a clean Tomcat installation and
telnet. No additional configuration or web applications are required.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 66032] Tomcat 8.5.61 vulnerable to CVE-2018-11784

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=66032

cristian <cr...@nexigroup.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |cristian.cervi@nexigroup.co
                   |                            |m

--- Comment #1 from cristian <cr...@nexigroup.com> ---
Created attachment 38264
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=38264&action=edit
latest vulnerability re-check

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 66032] Tomcat 8.5.61 vulnerable to CVE-2018-11784

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=66032

Michael Osipov <mi...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |michaelo@apache.org

--- Comment #2 from Michael Osipov <mi...@apache.org> ---
Upgrade to Tomcat 8.5.78 first.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org