Vulnerabilities > CVE-2023-41080
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application.
Vulnerable Configurations
References
- https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f
- https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f
- https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
- https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
- https://security.netapp.com/advisory/ntap-20230921-0006/
- https://security.netapp.com/advisory/ntap-20230921-0006/
- https://www.debian.org/security/2023/dsa-5521
- https://www.debian.org/security/2023/dsa-5521
- https://www.debian.org/security/2023/dsa-5522
- https://www.debian.org/security/2023/dsa-5522