6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-41080

GHSA ID

GHSA-q3mw-pvr8-9ggc

EPSS Score

0.93126%

CWE

CWE-601

Published

8/25/2023

Updated

11/11/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-41080

CVE-2023-41080:
Apache Tomcat Open Redirect vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.

The vulnerability is limited to the ROOT (default) web application.

(GitHub Advisory)

6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-41080

GHSA ID

GHSA-q3mw-pvr8-9ggc

EPSS Score

0.93126%

CWE

CWE-601

Published

8/25/2023

Updated

11/11/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.tomcat:tomcat	maven	>= 11.0.0-M1, < 11.0.0-M11	11.0.0-M11
org.apache.tomcat:tomcat	maven	>= 10.1.0-M1, < 10.1.13	10.1.13
org.apache.tomcat:tomcat	maven	>= 9.0.0-M1, < 9.0.80	9.0.80
org.apache.tomcat:tomcat	maven	>= 8.5.0, < 8.5.93	8.5.93
org.apache.tomcat.embed:tomcat-embed-core	maven	>= 8.5.0, < 8.5.93	8.5.93
org.apache.tomcat.embed:tomcat-embed-core	maven	>= 9.0.0-M1, < 9.0.80	9.0.80
org.apache.tomcat.embed:tomcat-embed-core	maven	>= 10.1.0-M1, < 10.1.13	10.1.13
org.apache.tomcat.embed:tomcat-embed-core	maven	>= 11.0.0-M1, < 11.0.0-M11	11.0.0-M11

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from how FORM authentication handles redirects. The commit diff shows a critical modification in FormAuthenticator.java's savedRequestURL method where a loop was added to strip leading slashes to prevent protocol-relative redirects. Prior to this fix, the method would return URLs like '//evil.com' when reconstructing the saved request URL from session data, which browsers interpret as a protocol-relative URL inheriting the current scheme (HTTP/HTTPS). This matches the CWE-601 description of open redirects via unvalidated URLs.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

URL R**ir**tion to Untrust** Sit* ('Op*n R**ir**t') vuln*r**ility in *ORM *ut**nti**tion ***tur* *p**** Tom**t. T*is issu* *****ts *p**** Tom**t: *rom **.*.*-M* t*rou** **.*.*-M**, *rom **.*.*-M* t*rou** **.*.**, *rom *.*.*-M* t*rou** *.*.** *n* *rom

Reasoning

T** vuln*r**ility st*ms *rom *ow *ORM *ut**nti**tion **n*l*s r**ir**ts. T** *ommit *i** s*ows * *riti**l mo*i*i**tion in `*orm*ut**nti**tor.j*v*`'s s*v**R*qu*stURL m*t*o* w**r* * loop w*s ***** to strip l***in* sl*s**s to pr*v*nt proto*ol-r*l*tiv* r*

6.1

Basic Information

Concerned about an active attack path?

CVE-2023-41080: Apache Tomcat Open Redirect vulnerability

6.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2023-41080:
Apache Tomcat Open Redirect vulnerability

Vulnerability Intelligence
Miggo AI