{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41080", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-08-22T18:21:35.140Z", "datePublished": "2023-08-25T20:39:36.584Z", "dateUpdated": "2024-08-02T18:46:11.691Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Tomcat", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "11.0.0-M10", "status": "affected", "version": "11.0.0-M1", "versionType": "semver"}, {"lessThanOrEqual": "10.0.12", "status": "affected", "version": "10.1.0-M1", "versionType": "semver"}, {"lessThanOrEqual": "9.0.79", "status": "affected", "version": "9.0.0-M1", "versionType": "semver"}, {"lessThanOrEqual": "8.5.92", "status": "affected", "version": "8.5.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "This vulnerability was reported responsibly to the Tomcat security team by Yiheng Cao."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.<p>This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.</p>The vulnerability is limited to the ROOT (default) web application."}], "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.\n\nThe vulnerability is limited to the ROOT (default) web application."}], "metrics": [{"other": {"content": {"text": "moderate"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-08-25T20:39:36.584Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f"}, {"url": "https://security.netapp.com/advisory/ntap-20230921-0006/"}, {"url": "https://www.debian.org/security/2023/dsa-5522"}, {"url": "https://www.debian.org/security/2023/dsa-5521"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"}], "source": {"discovery": "EXTERNAL"}, "title": "Apache Tomcat: Open redirect with FORM authentication", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:46:11.691Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f"}, {"url": "https://security.netapp.com/advisory/ntap-20230921-0006/", "tags": ["x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5522", "tags": ["x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5521", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E14DEB4-D0F9-4316-83B0-B13205D581F5", "versionEndIncluding": "8.5.92", "versionStartIncluding": "8.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "E256A714-F263-4BC6-A272-447A70654A39", "versionEndIncluding": "9.0.79", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "64015C04-EE24-4549-B4C9-E7DA3786EBE9", "versionEndIncluding": "10.1.12", "versionStartIncluding": "10.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*", "matchCriteriaId": "D1AA7FF6-E8E7-4BF6-983E-0A99B0183008", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*", "matchCriteriaId": "57088BDD-A136-45EF-A8A1-2EBF79CEC2CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*", "matchCriteriaId": "2AAD52CE-94F5-4F98-A027-9A7E68818CB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*", "matchCriteriaId": "F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*", "matchCriteriaId": "03A171AF-2EC8-4422-912C-547CDB58CAAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*", "matchCriteriaId": "538E68C4-0BA4-495F-AEF8-4EF6EE7963CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*", "matchCriteriaId": "49350A6E-5E1D-45B2-A874-3B8601B3ADCC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*", "matchCriteriaId": "5F50942F-DF54-46C0-8371-9A476DD3EEA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*", "matchCriteriaId": "D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*", "matchCriteriaId": "98792138-DD56-42DF-9612-3BDC65EEC117", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.\n\nThe vulnerability is limited to the ROOT (default) web application."}, {"lang": "es", "value": "Vulnerabilidad de redirecci\u00f3n de URL a sitio no fiable ('Open Redirect') en la funci\u00f3n de autenticaci\u00f3n FORM de Apache Tomcat. Este problema afecta a Apache Tomcat: de 11.0.0-M1 a 11.0.0-M10, de 10.1.0-M1 a 10.0.12, de 9.0.0-M1 a 9.0.79 y de 8.5.0 a 8.5.92. La vulnerabilidad se limita a la aplicaci\u00f3n web ROOT (por defecto).\n"}], "id": "CVE-2023-41080", "lastModified": "2023-11-03T19:00:56.380", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-25T21:15:09.397", "references": [{"source": "security@apache.org", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20230921-0006/"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5521"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5522"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "security@apache.org", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:1325", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.0", "package": "tomcat", "product_name": "JWS 6.0.1", "release_date": "2024-03-18T00:00:00Z"}, {"advisory": "RHSA-2023:5946", "cpe": "cpe:/a:redhat:amq_broker:7", "package": "tomcat", "product_name": "Red Hat AMQ Broker 7", "release_date": "2023-10-19T00:00:00Z"}, {"advisory": "RHSA-2023:7678", "cpe": "cpe:/a:redhat:amq_streams:2", "package": "tomcat", "product_name": "Red Hat AMQ Streams 2.6.0", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2024:0125", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "tomcat-1:9.0.62-27.el8_9.2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-01-10T00:00:00Z"}, {"advisory": "RHSA-2024:0474", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "tomcat-1:9.0.62-37.el9_3.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-01-25T00:00:00Z"}, {"advisory": "RHSA-2023:7623", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.7", "package": "tomcat", "product_name": "Red Hat JBoss Web Server 5", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7622", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.7::el7", "package": "jws5-tomcat-0:9.0.62-19.redhat_00017.1.el7jws", "product_name": "Red Hat JBoss Web Server 5.7 on RHEL 7", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7622", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.7::el8", "package": "jws5-tomcat-0:9.0.62-19.redhat_00017.1.el8jws", "product_name": "Red Hat JBoss Web Server 5.7 on RHEL 8", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7622", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.7::el9", "package": "jws5-tomcat-0:9.0.62-19.redhat_00017.1.el9jws", "product_name": "Red Hat JBoss Web Server 5.7 on RHEL 9", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2024:1324", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.0::el8", "package": "jws6-tomcat-0:10.1.8-6.redhat_00013.1.el8jws", "product_name": "Red Hat JBoss Web Server 6.0 on RHEL 8", "release_date": "2024-03-18T00:00:00Z"}, {"advisory": "RHSA-2024:1324", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.0::el9", "package": "jws6-tomcat-0:10.1.8-6.redhat_00013.1.el9jws", "product_name": "Red Hat JBoss Web Server 6.0 on RHEL 9", "release_date": "2024-03-18T00:00:00Z"}, {"advisory": "RHSA-2024:4631", "cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "package": "devspaces/server-rhel8:3.15-3", "product_name": "Red Hat OpenShift Dev Spaces 3 Containers", "release_date": "2024-07-18T00:00:00Z"}], "bugzilla": {"description": "tomcat: Open Redirect vulnerability in FORM authentication", "id": "2235370", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-601", "details": ["URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.\nThe vulnerability is limited to the ROOT (default) web application.", "A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL."], "name": "CVE-2023-41080", "package_state": [{"cpe": "cpe:/a:redhat:a_mq_clients:2", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "A-MQ Clients 2"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:3", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat build of Apache Camel for Spring Boot"}, {"cpe": "cpe:/a:redhat:optaplanner:::el6", "fix_state": "Will not fix", "package_name": "tomcat", "product_name": "Red Hat build of OptaPlanner 8"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Will not fix", "package_name": "tomcat", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "tomcat", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "pki-deps:10.6/pki-servlet-engine", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "pki-servlet-container", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "pki-servlet-engine", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat Integration Camel K"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Will not fix", "package_name": "tomcat", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Will not fix", "package_name": "tomcat", "product_name": "Red Hat JBoss Fuse 7"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Will not fix", "package_name": "tomcat", "product_name": "Red Hat OpenShift Application Runtimes"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Will not fix", "package_name": "tomcat", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Will not fix", "package_name": "tomcat", "product_name": "Red Hat Single Sign-On 7"}], "public_date": "2023-08-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-41080\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-41080\nhttps://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f"], "statement": "The pki-servlet-engine package has been obsoleted by the Tomcat package. Therefore, this issue will be fixed in the Tomcat package rather than the pki-serlvet-engine package. Please follow the RHEL Tomcat trackers instead for the updates.\nRed Hat Satellite is not directly impacted by this issue, since it does not embed the dependency on their offer deliveries. However, end users of Red Hat Satellite are using Tomcat via RHEL channels, which provides Tomcat dependency needed by candlepin to function in Satellite.", "threat_severity": "Moderate", "upstream_fix": "tomcat 11.0.0-M11, tomcat 10.1.13, tomcat 9.0.80, tomcat 8.5.93"}