Is Spectrum Vulnerable to CVE-2018-11784?

Document ID : KB000124387
Last Modified Date : 11/01/2019
Introduction:
CVE-2018-11784 Apache Tomcat - Open Redirect

Severity: Moderate
Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.11
Apache Tomcat 8.5.0 to 8.5.33
Apache Tomcat 7.0.23 to 7.0.90
The unsupported 8.0.x release line has not been analysed but is likely
to be affected.
Question:
Is Spectrum impacted by this Vulnerability "CVE-2018-11784"?
Environment:
Spectrum 10.x
Answer:
This vulnerability affects Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90.

Spectrum 10.2 uses Tomcat 7.0.72, so it is affected.
Spectrum 10.3 and 10.3.1 use Tomcat 9.0.8, so both are affected.

Note: The severity of this vulnerability is Moderate.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11784
https://tomcat.apache.org/security-9.html

This is fixed in Tomcat 9.0.12 or later, and a Tomcat upgrade is planned for Spectrum 10.3.2.

This will be addressed in Spectrum 10.3.2.
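
The version comparison behind the answer above can be scripted to check other installations. This is an added example, not part of the original article or any vendor tooling; the function names are hypothetical, and the banner is assumed to be the "Server version: Apache Tomcat/x.y.z" line printed by Tomcat's version script.

```python
import re

# Affected ranges (inclusive) exactly as listed in this article.
AFFECTED_RANGES = [("9.0.0.M1", "9.0.11"), ("8.5.0", "8.5.33"), ("7.0.23", "7.0.90")]
# Tomcat version bundled with each Spectrum release, per this article.
SPECTRUM_TOMCAT = {"10.2": "7.0.72", "10.3": "9.0.8", "10.3.1": "9.0.8"}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")
_BANNER = re.compile(r"Apache Tomcat/(\S+)")


def version_key(text):
    """Sortable key; a milestone such as 9.0.0.M1 sorts before the final 9.0.0."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError("unrecognised Tomcat version: %r" % text)
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    milestone = (0, int(m.group(4))) if m.group(4) else (1, 0)
    return (major, minor, patch) + milestone


def version_from_banner(line):
    """Extract the version from a 'Server version: Apache Tomcat/x.y.z' line."""
    m = _BANNER.search(line)
    if not m:
        raise ValueError("no Tomcat version in: %r" % line)
    return m.group(1)


def classify(version):
    """Return 'affected', 'unanalysed' (8.0.x) or 'not-listed' for CVE-2018-11784."""
    key = version_key(version)
    if any(version_key(lo) <= key <= version_key(hi) for lo, hi in AFFECTED_RANGES):
        return "affected"
    if key[:2] == (8, 0):
        return "unanalysed"  # article: 8.0.x not analysed, likely affected
    return "not-listed"


def spectrum_report():
    """Classify the Tomcat bundled with each Spectrum release named in the article."""
    return {rel: classify(tc) for rel, tc in SPECTRUM_TOMCAT.items()}


if __name__ == "__main__":
    banner = "Server version: Apache Tomcat/9.0.8"  # constructed sample line
    print(classify(version_from_banner(banner)))
    for release, status in spectrum_report().items():
        print("Spectrum", release, "->", status)
```

A result of "not-listed" only means the version falls outside the ranges quoted in this article; it says nothing about other advisories.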