Hi All, Looking at the description of the below vulnerability. It is not clear to me if this is only relevant to those who use Tomcat for serving static files (since they are talking about directory redirection). If our Tomcat instance is used only to serve dynamic content, is the vulnerability is relevant to us?
Thanks, When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.