CVE-2023-41080

Apache Tomcat Open Redirect vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the FORM authentication feature of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. Older, EOL versions may also be affected. The vulnerability is limited to the ROOT (default) web application.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Vulnerability Details

Score: 6
Score Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Versions:
    org.apache.tomcat:tomcat >= 11.0.0-M1 < 11.0.0-M11
    org.apache.tomcat:tomcat >= 10.1.0-M1 < 10.1.13
    org.apache.tomcat:tomcat >= 9.0.0-M1 < 9.0.80
    org.apache.tomcat:tomcat >= 8.5.0 < 8.5.93
    org.apache.tomcat.embed:tomcat-embed-core >= 8.5.0 < 8.5.93
    org.apache.tomcat.embed:tomcat-embed-core >= 9.0.0-M1 < 9.0.80
    org.apache.tomcat.embed:tomcat-embed-core >= 10.1.0-M1 < 10.1.13
    org.apache.tomcat.embed:tomcat-embed-core >= 11.0.0-M1 < 11.0.0-M11
Severity: Medium
Ecosystem:
Publish Date: August 25, 2023
Modified Date: August 8, 2025