CVE-2023-41080

Summary

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. Older, EOL versions may also be affected.

The vulnerability is limited to the ROOT (default) web application.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Tomcat11.0.0-M1 <= 11.0.0-M10affected
Apache Software FoundationApache Tomcat10.1.0-M1 <= 10.0.12affected
Apache Software FoundationApache Tomcat9.0.0-M1 <= 9.0.79affected
Apache Software FoundationApache Tomcat8.5.0 <= 8.5.92affected
Apache Software FoundationApache Tomcat3 < 8.5.0unknown
Apache Software FoundationApache Tomcat10.0.0-M1 <= 10.0.27unknown

Weaknesses

  • CWE-601: CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References