Summary

Security Advisory ID : BSA-2020-1046

Component : Apache Tomcat

Revision : 1.0: Final

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.

Affected Products

No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.

Revision History