TOMEE-4239: Backport fix for CVE-2023-41080

Details

    • Type: Dependency upgrade
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 9.1.0
    • Fix Version/s: 9.1.1

    Description

      Moderate: Open redirect CVE-2023-41080

      If the ROOT (default) web application is configured to use FORM authentication, then a specially crafted URL could be used to trigger a redirect to a URL of the attacker's choice.

      This was fixed in Tomcat with commit https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27

      This issue was reported to the Tomcat Security Team on 17 August 2023. The issue was made public on 22 August 2023.

      Affects: 10.1.0-M1 to 10.1.12

      People

        Assignee: Richard Zowalla (rzo1)
        Reporter: Richard Zowalla (rzo1)