File tomcat-8.0.53-CVE-2018-11784.patch of Package tomcat.37363
Index: apache-tomcat-8.0.53-src/java/org/apache/catalina/servlets/DefaultServlet.java
===================================================================
--- apache-tomcat-8.0.53-src.orig/java/org/apache/catalina/servlets/DefaultServlet.java
+++ apache-tomcat-8.0.53-src/java/org/apache/catalina/servlets/DefaultServlet.java
@@ -1046,6 +1046,10 @@ public class DefaultServlet extends Http
location.append('?');
location.append(request.getQueryString());
}
+ // Avoid protocol relative redirects
+ while (location.length() > 1 && location.charAt(1) == '/') {
+ location.deleteCharAt(0);
+ }
response.sendRedirect(response.encodeRedirectURL(location.toString()));
}
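Review bot: The added `while` loop deletes index 0 whenever index 1 is '/', but never checks that index 0 is itself '/', so it silently depends on `location` always starting with a slash. Where `location` is built lies above this hunk, so that invariant cannot be confirmed from here. Making the test explicit, `while (location.length() > 1 && location.charAt(0) == '/' && location.charAt(1) == '/') {`, keeps the loop from removing a non-slash first character if that assumption ever stops holding. The comment would also serve a later maintainer better if it said why, e.g. `// A Location starting with "//" is treated by browsers as scheme-relative (a host follows), so collapse leading slashes to one`. The patch carries no regression test for a request URI with several leading slashes, and one is worth adding alongside the fix.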
Index: apache-tomcat-8.0.53-src/webapps/docs/changelog.xml
===================================================================
--- apache-tomcat-8.0.53-src.orig/webapps/docs/changelog.xml
+++ apache-tomcat-8.0.53-src/webapps/docs/changelog.xml
@@ -591,6 +591,10 @@
<bug>61999</bug>: maxSavePostSize set to 0 should disable saving POST
data during authentication. (remm)
</fix>
+ <fix>
+ When generating a redirect to a directory in the Default Servlet, avoid
+ generating a protocol relative redirect. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">