Bugzilla – Bug 1214666
VUL-0: CVE-2023-41080: tomcat: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature
Last modified: 2024-01-17 09:51:04 UTC
CVE-2023-41080 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41080 https://www.cve.org/CVERecord?id=CVE-2023-41080 https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f
This is an autogenerated message for OBS integration: This bug (1214666) was mentioned in https://build.opensuse.org/request/show/1112902 Factory / tomcat
SUSE-SU-2023:3987-1: An update that solves one vulnerability can now be installed. Category: security (moderate) Bug References: 1214666 CVE References: CVE-2023-41080 Sources used: SUSE Linux Enterprise High Performance Computing 12 SP5 (src): tomcat-9.0.36-3.108.1 SUSE Linux Enterprise Server 12 SP5 (src): tomcat-9.0.36-3.108.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): tomcat-9.0.36-3.108.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4129-1: An update that solves two vulnerabilities and contains two features can now be installed. Category: security (important) Bug References: 1214666, 1216182 CVE References: CVE-2023-41080, CVE-2023-44487 Jira References: PED-6376, PED-6377 Sources used: Web and Scripting Module 15-SP5 (src): tomcat-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): tomcat-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): tomcat-9.0.82-150200.46.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): tomcat-9.0.82-150200.46.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): tomcat-9.0.82-150200.46.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): tomcat-9.0.82-150200.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): tomcat-9.0.82-150200.46.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): tomcat-9.0.82-150200.46.1 SUSE Manager Server 4.2 (src): tomcat-9.0.82-150200.46.1 SUSE Enterprise Storage 7.1 (src): tomcat-9.0.82-150200.46.1 Web and Scripting Module 15-SP4 (src): tomcat-9.0.82-150200.46.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4423-1: An update that solves three vulnerabilities can now be installed. Category: security (important) Bug References: 1214666, 1216118, 1216119 CVE References: CVE-2023-41080, CVE-2023-42795, CVE-2023-45648 Sources used: SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): tomcat-9.0.36-150100.4.98.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): tomcat-9.0.36-150100.4.98.1 SUSE CaaS Platform 4.0 (src): tomcat-9.0.36-150100.4.98.1 SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): tomcat-9.0.36-150100.4.98.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.