CVE-2023-41080

CVE-2023-41080: Apache Tomcat: Open redirect with FORM authentication

Vendor Apache Software Foundation

Product Apache Tomcat

Weakness CWE-601 · Open redirect

Published August 25, 2023

Last update October 29, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. Older, EOL versions may also be affected. The vulnerability is limited to the ROOT (default) web application.

Key dates

Disclosure timeline

August 25, 2023 CVE published

October 29, 2025 Record updated

Identifiers

CVE CVE-2023-41080

CWE CWE-601

Affected versions

Vendor Apache Software Foundation

Product Apache Tomcat

Affected ≥ 11.0.0-M1 and ≤ 11.0.0-M10

Vendor Apache Software Foundation

Product Apache Tomcat

Affected ≥ 10.1.0-M1 and ≤ 10.0.12

Vendor Apache Software Foundation

Product Apache Tomcat

Affected ≥ 9.0.0-M1 and ≤ 9.0.79

Vendor Apache Software Foundation

Product Apache Tomcat

Affected ≥ 8.5.0 and ≤ 8.5.92