Richard Zowalla created TOMEE-4239:
--------------------------------------
Summary: Backport fix for CVE-2023-41080
Key: TOMEE-4239
URL: https://issues.apache.org/jira/browse/TOMEE-4239
Project: TomEE
Issue Type: Dependency upgrade
Affects Versions: 9.1.0
Reporter: Richard Zowalla
Assignee: Richard Zowalla
Fix For: 9.1.1
Moderate: Open redirect CVE-2023-41080
If the ROOT (default) web application is configured to use FORM authentication,
then it is possible that a specially crafted URL could be used to trigger a
redirect to a URL of the attacker's choice.
This was fixed with commit
https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27
This issue was reported to the Tomcat Security Team on 17 August 2023. The
issue was made public on 22 August 2023.
Affects: 10.1.0-M1 to 10.1.12
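The advisory above describes an open redirect: the URL a FORM-authenticated application sends the user to after login is attacker-influenced. The check below is an added example of how a deployment can constrain such a redirect target to its own origin; it is not Tomcat's or TomEE's code and not the fix in the referenced commit. It assumes the application knows its own external base URL (the constructed sample `https://app.example/` stands in for that) and resolves the candidate target against it, so that absolute URLs, protocol-relative `//host` references and backslash variants that browsers treat like slashes are all rejected before a Location header is emitted.

```java
import java.net.URI;
import java.util.Objects;

/**
 * Added example (not Tomcat's or TomEE's code): decides whether a post-login
 * redirect target stays on this application's own origin. The base URL is an
 * assumption supplied by the deployment; the one in main() is a constructed sample.
 */
public final class RedirectTargetCheck {

    private RedirectTargetCheck() {}

    /**
     * Returns true only if {@code target}, resolved against {@code base}, keeps the
     * same scheme, host and port as {@code base}. {@code base} must be absolute and
     * carry a host; pass it in the same form (with or without explicit port) that
     * the application uses when it builds links.
     */
    public static boolean staysOnOrigin(URI base, String target) {
        if (target == null || target.isBlank()) {
            return false;
        }
        // Browsers treat "\" like "/" in the authority position ("/\evil.example"
        // becomes "//evil.example") and strip control characters; java.net.URI does
        // neither, so reject those characters outright rather than trusting the parser.
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            if (c == '\\' || c <= 0x20 || c == 0x7f) {
                return false;
            }
        }
        URI resolved;
        try {
            // A relative path resolves under base; an absolute URL or a
            // network-path reference ("//host/...") brings its own authority.
            resolved = base.resolve(target).normalize();
        } catch (IllegalArgumentException e) {
            return false; // not a parsable URI reference
        }
        // Opaque or foreign-origin results have a different scheme/host/port
        // (or none at all), so this comparison rejects them.
        return base.getScheme().equalsIgnoreCase(Objects.toString(resolved.getScheme(), ""))
                && base.getHost().equalsIgnoreCase(Objects.toString(resolved.getHost(), ""))
                && base.getPort() == resolved.getPort();
    }

    /** Returns the target if it stays on the origin, otherwise the supplied fallback. */
    public static String safeTargetOrDefault(URI base, String target, String fallback) {
        return staysOnOrigin(base, target) ? target : fallback;
    }

    public static void main(String[] args) {
        // Constructed sample base URL for a ROOT application; replace with the deployment's own.
        URI base = URI.create("https://app.example/");
        String[] samples = {
            "/account",                        // local path: kept
            "account/settings?tab=1",          // relative path: kept
            "//attacker.example/phish",        // network-path reference: rejected
            "/\\attacker.example",             // backslash variant: rejected
            "https://attacker.example/",       // absolute foreign URL: rejected
            "javascript:alert(1)",             // opaque scheme: rejected
            "/app/../../other"                 // normalised but still same origin: kept
        };
        for (String s : samples) {
            System.out.println(s + " -> " + safeTargetOrDefault(base, s, "/"));
        }
    }
}
```

Resolving against the known base rather than pattern-matching the string is the design choice here: every input ends up as a fully qualified URI, and the only question asked is whether its scheme, host and port match the application's own, which is the property an open-redirect check actually needs to enforce.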
--
This message was sent by Atlassian Jira
(v8.20.10#820010)