CVE-2023-41080

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-41080
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-41080.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-41080
Aliases
Downstream
Related
Published
2023-08-25T21:15:09Z
Modified
2025-08-09T19:01:26Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. Older, EOL versions may also be affected.

The vulnerability is limited to the ROOT (default) web application.

References

Affected packages

Git / github.com/apache/tomcat

Affected ranges

Type
GIT
Repo
https://github.com/apache/tomcat
Events
Last affected
06977fbea3c82c3d29e544203983dd3b49a632f1
Last affected
06d0e42e6cd70aae860f164c27d16bdfdfcdc496
Last affected
3b6de549bdf4f6486c39daa0ae8e4d4b7475b1f6
Last affected
434400d882a20e12ea03855f4bd93451bd3362c6
Last affected
4b03c23ad60e678c1d1a85df815fb6cd8d14ca67
Last affected
59c81e30e2f64f5e8c1db78c4860c51850dfb0bd
Last affected
8afe2647d7801172cc304f4a47d8aad9646d2985
Introduced
e37b977db6f47e4380ad67114a49e8568951c953
Last affected
90f385149d4c1492e7d50412b19b9fad55bd70a9
Last affected
9ce010463a93138d596c54c67b11cdb35fc8244a
Introduced
16bf392c67833ad549733b58c350ff92b5ee782a
Last affected
a4bbc1f1676932460f993653c04ec43a1e9e8c88
Last affected
de714a23642a4d0baef342db6762a7f7a550d82c
Last affected
eb9d5f0b70a1b84fa18af30eaf358cfa9e4b87ae
Introduced
e9d17cddc285615807ec5fef09240777436b25dc
Last affected
fb24d1d6525c774f27c3f711c52790552ee389ee