When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.

Affected Packages

Maven org.apache.tomcat.embed:tomcat-embed-core

Affected versions: 8.5.0 (fixed in 8.5.34)

Maven org.apache.tomcat.embed:tomcat-embed-core

Affected versions: 7.0.23 (fixed in 7.0.91)

Maven org.apache.tomcat.embed:tomcat-embed-core

Affected versions: 9.0.0 (fixed in 9.0.12)

Related CVEs

CVE-2018-11784

Key Information

GHSA ID

GHSA-5q99-f34m-67gc

Published

October 17, 2018 4:31 PM

Last Modified

February 22, 2024 10:43 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

org.apache.tomcat.embed:tomcat-embed-core

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 13, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.