CVE-2023-41080

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-41080

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-41080.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-41080

Aliases

Related

Published

2023-08-25T21:15:09Z

Modified

2024-09-11T05:01:19.677729Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.

The vulnerability is limited to the ROOT (default) web application.

References

Affected packages

Debian:12 / tomcat10

Package

Name: tomcat10
Purl: pkg:deb/debian/tomcat10?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

10.1.6-1+deb12u1

Affected versions

10.*

10.1.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / tomcat10

Package

Name: tomcat10
Purl: pkg:deb/debian/tomcat10?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

10.1.13-1

Affected versions

10.*

10.1.6-1

10.1.7-1

10.1.8-1

10.1.9-1

10.1.10-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / tomcat9

Package

Name: tomcat9
Purl: pkg:deb/debian/tomcat9?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.43-2~deb11u7

Affected versions

9.*

9.0.43-1

9.0.43-2~deb11u1

9.0.43-2~deb11u2

9.0.43-2~deb11u3

9.0.43-2~deb11u4

9.0.43-2~deb11u5

9.0.43-2~deb11u6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / tomcat9

Package

Name: tomcat9
Purl: pkg:deb/debian/tomcat9?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.70-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / tomcat9

Package

Name: tomcat9
Purl: pkg:deb/debian/tomcat9?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.70-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/apache/tomcat

Affected ranges

Type: GIT
Repo: https://github.com/apache/tomcat
Events: Last affected

06977fbea3c82c3d29e544203983dd3b49a632f1

Last affected

06d0e42e6cd70aae860f164c27d16bdfdfcdc496

Last affected

3b6de549bdf4f6486c39daa0ae8e4d4b7475b1f6

Last affected

434400d882a20e12ea03855f4bd93451bd3362c6

Last affected

4b03c23ad60e678c1d1a85df815fb6cd8d14ca67

Last affected

59c81e30e2f64f5e8c1db78c4860c51850dfb0bd

Last affected

8afe2647d7801172cc304f4a47d8aad9646d2985

Introduced

e37b977db6f47e4380ad67114a49e8568951c953

Last affected

90f385149d4c1492e7d50412b19b9fad55bd70a9

Last affected

9ce010463a93138d596c54c67b11cdb35fc8244a

Introduced

16bf392c67833ad549733b58c350ff92b5ee782a

Last affected

a4bbc1f1676932460f993653c04ec43a1e9e8c88

Last affected

de714a23642a4d0baef342db6762a7f7a550d82c

Last affected

eb9d5f0b70a1b84fa18af30eaf358cfa9e4b87ae

Introduced

e9d17cddc285615807ec5fef09240777436b25dc

Last affected

fb24d1d6525c774f27c3f711c52790552ee389ee