|
Vulnerabilities
< Back

CVE-2023-41080

Updated on 25 Aug 2023

Severity

6.1 Medium severity

Details

CVSS score
6.1
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE ID
Links
NISTCIRCLRHELUbuntu

Overview

About vulnerability

URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. Older, EOL versions may also be affected.

The vulnerability is limited to the ROOT (default) web application.

Details

Affected product:
AlmaLinux 9.2 ESU , Apache Tapestry , Apache Tomcat , Debian 10 ELS , Eclipse Jetty , Spring , Ubuntu 18.04 ELS , activemq , apache-jsp , cxf , jasper-jsp
Affected packages:
cxf-systests-http-sci @ 3.5.11 (+953 more)

URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. Older, EOL versions may also be affected.

The vulnerability is limited to the ROOT (default) web application.

Fixes