CVE-2023-41080
Severity CVSS v4.0:
Pending analysis
Type:
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
Publication date:
25/08/2023
Last modified:
03/11/2023
Description
URL Redirection to Untrusted Site (&#39;Open Redirect&#39;) vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.<br />
<br />
The vulnerability is limited to the ROOT (default) web application.
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 8.5.0 (including) | 8.5.92 (including) |
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 9.0.0 (including) | 9.0.79 (including) |
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 10.1.0 (including) | 10.1.12 (including) |
| cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page