CVE-2023-41080 Report - Details, Severity, & Advisories

Twingate Team

May 30, 2024

What is CVE-2023-41080?

CVE-2023-41080 is a moderate-severity vulnerability affecting the FORM authentication feature in Apache Tomcat, a widely used web server. The vulnerability is an open redirect: when the default web application is configured to use FORM authentication, an attacker can craft a URL that triggers a redirect to a site of their choice. Affected systems are those running Apache Tomcat versions 11.0.0-M1 through 11.0.0-M10, 10.1.0-M1 through 10.1.12, 9.0.0-M1 through 9.0.79, and 8.5.0 through 8.5.92. To mitigate this vulnerability, users are advised to upgrade to the latest Apache Tomcat versions.

Who is impacted by CVE-2023-41080?

If you're using Apache Tomcat, you might be affected by a moderate-severity vulnerability called CVE-2023-41080. This open redirect issue impacts Apache Tomcat versions 11.0.0-M1 through 11.0.0-M10, 10.1.0-M1 through 10.1.12, 9.0.0-M1 through 9.0.79, and 8.5.0 through 8.5.92. It occurs only when the default web application is configured to use FORM authentication, in which case an attacker can create a URL that causes a redirect to a site of their choice. Users of the tomcat9 and tomcat10 distribution packages who have configured the ROOT (default) web application to use FORM authentication may also be affected.

What to do if CVE-2023-41080 affects you

If you're affected by the CVE-2023-41080 vulnerability, it's crucial to take action to secure your system. To do this, follow these simple steps:

  1. Identify the version of Apache Tomcat you're using.

  2. If your version is affected, upgrade to a secure version:

    • Apache Tomcat 11.0.0-M11 or later

    • Apache Tomcat 10.1.13 or later

    • Apache Tomcat 9.0.80 or later

    • Apache Tomcat 8.5.93 or later

  3. Ensure your system is updated and running the latest security patches.

By following these steps, you can protect your system from the open redirect vulnerability and maintain a secure environment.
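As an added example (not part of the original report), the version check in steps 1 and 2 above can be automated: the script below reads the version printed by Tomcat's own `version.sh` / `catalina.sh version` script and tests it against the affected ranges listed on this page, taking care that milestone builds such as 11.0.0-M10 sort before the final release. The sample script output embedded here is constructed, not captured from a real host.

```python
import re
from typing import Optional, Tuple

# Fixed-in versions per branch, as listed in this report: anything in the same
# branch below the fixed version (milestone builds included) is affected.
FIXED_BY_BRANCH = {
    (11, 0): "11.0.0-M11",
    (10, 1): "10.1.13",
    (9, 0): "9.0.80",
    (8, 5): "8.5.93",
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Turn '9.0.79' or '11.0.0-M10' into a sortable tuple.

    Milestone builds (x.y.z-Mn) precede the final x.y.z release, so the last
    element is the milestone number, or a large sentinel for a release.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    return (int(major), int(minor), int(patch),
            int(milestone) if milestone is not None else 10**9)


def is_affected(version: str) -> bool:
    """True if the version falls inside an affected range from this report."""
    v = parse_version(version)
    fixed = FIXED_BY_BRANCH.get(v[:2])
    if fixed is None:
        return False  # branch not listed in the report (e.g. 8.0.x, 7.x)
    return v < parse_version(fixed)


def version_from_script_output(output: str) -> Optional[str]:
    """Extract the version from 'catalina.sh version' / 'version.sh' output."""
    m = re.search(r"Server version:\s*Apache Tomcat/(\S+)", output)
    return m.group(1) if m else None


# Constructed sample of what version.sh prints; not from a real installation.
SAMPLE_OUTPUT = "Using CATALINA_BASE:   /opt/tomcat\nServer version: Apache Tomcat/9.0.79\n"

if __name__ == "__main__":
    ver = version_from_script_output(SAMPLE_OUTPUT)
    print(ver, "affected" if ver and is_affected(ver) else "not affected")
```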

Is CVE-2023-41080 in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-41080 vulnerability, also known as an open redirect in Apache Tomcat, is not listed in CISA's Known Exploited Vulnerabilities Catalog. This moderate-severity issue affects various versions of Apache Tomcat and can be mitigated by upgrading to a secure version. The vulnerability was added to the National Vulnerability Database on August 25, 2023, but no due date or required action is mentioned in the sources provided.

CVE-2023-41080 Weakness Enumeration

This vulnerability is classified as CWE-601 (URL Redirection to Untrusted Site, commonly called open redirect), here arising in Apache Tomcat's FORM authentication feature.

Learn More

For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or refer to the sources below.
