The Apache Foundation has announced CVE-2018-11784, a flaw in multiple versions of the popular Tomcat software that can be used to remotely access sensitive information. Waratek Secure and Waratek Enterprise customers are already protected.
Waratek customers are protected by default rule
Customer Alert 20181008
The Apache Foundation has announced CVE-2018-11784, a flaw in multiple versions of the popular Tomcat server that can be used to cause a redirect to be generated to any URI of the attacker’s choice. The flaw was discovered and reported to the Apache Foundation by an independent security researcher.
Apache Tomcat 9.0.0.M1 to 9.0.11, Apache Tomcat 8.5.0 to 8.5.33, and Apache Tomcat 7.0.23 to 7.0.90 are vulnerable and an unsupported Tomcat 8.0.x release line has not been analyzed, but is likely to be affected.
Full details are available from The Apache Foundation.
Waratek Secure and Waratek Enterprise customers are already protected by an “Open Redirect” rule that is standard protection in the Waratek application security platform. Waratek rules provide protection against known and Zero Day attacks with zero configuration and no source code changes. Waratek’s out-of-the-box zero-day protection not only protects the Apache supported Tomcat versions but also also protects the Apache unsupported Tomcat 8.0.x release line.
Non-Waratek customers are advised to upgrade their versions of the vulnerable software.