Package        : tomcat7
Version        : 7.0.56-3+really7.0.91-1
CVE ID         : CVE-2018-11784

Sergey Bobrov discovered that when the default servlet returned a
redirect to a directory (e.g. redirecting to /foo/ when the user
requested /foo) a specially crafted URL could be used to cause the
redirect to be generated to any URI of the attacker's choice.

For Debian 8 "Jessie", this problem has been fixed in version
7.0.56-3+really7.0.91-1.

We recommend that you upgrade your tomcat7 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
