CVE-2023-41080

CWE-601 Open Redirect
14 documents, 10 sources
Severity
6.1 MEDIUM
EPSS
11.6%
top 6.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 25
Latest update: Nov 13

Description

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the FORM authentication feature of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. Older, EOL versions may also be affected. The vulnerability is limited to the ROOT (default) web application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (8 packages)

Source | Package | Version range | More
Maven | org.apache.tomcat:tomcat | 11.0.0-M1 to 11.0.0-M11 | +3
NVD | apache/tomcat | 8.5.0 to 8.5.92 | +3
CVEListV5 | apache_software_foundation/apache_tomcat | 11.0.0-M1 to 11.0.0-M10 | +3
Debian | tomcat9 | < 9.0.43-2~deb11u7 | +3

Also affects: Debian Linux 10.0, 11.0

Patches

Vulnerability Details (6)
OSV: tomcat9 vulnerabilities (2024-11-13)
GHSA: Eclipse Glassfish URL redirection vulnerability (2024-09-11)
OSV: CVE-2023-41080: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat (2023-08-25)
OSV: Apache Tomcat Open Redirect vulnerability (2023-08-25)
GHSA: Apache Tomcat Open Redirect vulnerability (2023-08-25)

Vendor Advisories (7)
Ubuntu: Tomcat vulnerabilities (2024-11-13)
Oracle: Oracle Commerce Risk Matrix: Workbench (Apache Tomcat) — CVE-2023-41080 (2024-04-15)
Oracle: Oracle Communications Risk Matrix: BEServer (Apache Tomcat) — CVE-2023-41080 (2023-10-15)
Red Hat: tomcat: Open Redirect vulnerability in FORM authentication (2023-08-28)
CISA: Microsoft Exchange Server Privilege Escalation Vulnerability (2023-01-10)
CVE-2023-41080 (MEDIUM CVSS 6.1) | URL Redirection to Untrusted Site ( | cvebase.io