URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.
The vulnerability is limited to the ROOT (default) web application.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 2 - Tomcat8.5 Extra | tomcat | 2023-09-14 04:27 | ALAS2TOMCAT8.5-2023-015 |
Amazon Linux 2 - Tomcat9 Extra | tomcat | 2023-09-14 04:27 | ALAS2TOMCAT9-2023-009 |
Amazon Linux 1 | tomcat8 | 2023-10-12 15:48 | ALAS-2023-1861 |
Amazon Linux 2023 | tomcat9 | 2023-09-27 21:06 | ALAS2023-2023-365 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
NVD | CVSSv3 | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |