On 08/10/18 21:55, Michael Yoder wrote:
> On Wed, Oct 3, 2018 at 12:50 PM Mark Thomas <ma...@apache.org> wrote:
>> CVE-2018-11784 Apache Tomcat - Open Redirect
> 
> Is it possible to get more information on the "specially crafted URL"?
> I'd like more information so that I can test if some of our apps are
> vulnerable.

Generally, there is a balance to strike here between making it easy for
the less technically competent attackers to construct an attack and
making it easy for end users to figure out if they are vulnerable. The
way we typically do this is by describing the conditions necessary for
an attack to be possible as completely as possible but not providing
details of how to perform an attack.

We also provide references to the commit that fixed the issue. For
someone with the right skills, there is usually enough information in
the description and the commit for a successful attack to be reverse
engineered.

> In addition, I'd like to verify that the value of
> mapperContextRootRedirectEnabled defaults to "true",

For the latest release of each supported Tomcat version, that is
correct. Historically, that is version dependent. Check the docs for the
version you are using.

> so if we don't
> alter that value we aren't susceptible?

Incorrect. As per the announcement both mapperDirectoryRedirectEnabled
and mapperContextRootRedirectEnabled need to be true to avoid this
vulnerability if you are not using a fixed version.

The default for mapperDirectoryRedirectEnabled is false.

Mark
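
An added example, not part of the reply above and not Tomcat project code: a configuration audit for the workaround the reply describes, applied to unfixed versions. It assumes the two attributes are set on the `<Context>` element of a context.xml file; the sample documents, function names and verdict strings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample context.xml documents (not from any real deployment).
SAMPLES = {
    "defaults.xml": "<Context><WatchedResource>WEB-INF/web.xml</WatchedResource></Context>",
    "both-true.xml": '<Context mapperContextRootRedirectEnabled="true" '
                     'mapperDirectoryRedirectEnabled="true"/>',
    "root-off.xml": '<Context mapperContextRootRedirectEnabled="false" '
                    'mapperDirectoryRedirectEnabled="true"/>',
    "dir-only.xml": '<Context mapperDirectoryRedirectEnabled="true"/>',
}

def audit_context(xml_text):
    """Return "ok", "workaround-missing" or "check-docs" for one <Context>."""
    root = ET.fromstring(xml_text)
    ctx = root if root.tag == "Context" else next(root.iter("Context"), None)
    if ctx is None:
        raise ValueError("no <Context> element found")

    def flag(name):
        # None means the attribute is absent and the version default applies.
        raw = ctx.get(name)
        return None if raw is None else raw.strip().lower() == "true"

    directory = flag("mapperDirectoryRedirectEnabled")
    context_root = flag("mapperContextRootRedirectEnabled")

    # The reply states mapperDirectoryRedirectEnabled defaults to false,
    # so an absent attribute is treated the same as an explicit "false".
    if not directory:
        return "workaround-missing"
    if context_root is False:
        return "workaround-missing"
    # The default of mapperContextRootRedirectEnabled is version dependent,
    # so an absent attribute cannot be judged from the file alone.
    if context_root is None:
        return "check-docs"
    return "ok"

def audit_all(samples):
    return {name: audit_context(text) for name, text in samples.items()}

if __name__ == "__main__":
    for name, verdict in audit_all(SAMPLES).items():
        print(f"{name}: {verdict}")
```

A verdict of "workaround-missing" only matters on a version without the fix; upgrading to a fixed release removes the dependency on these settings.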
