Severity
High
Analysis Summary
CVE-2023-41080
Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the FORM authentication feature. An attacker could exploit this vulnerability using a specially crafted URL to redirect a victim to arbitrary Web sites.
Impact
- Command Execution
Indicators Of Compromise
CVE
- CVE-2023-41080
Affected Vendors
Apache
Affected Products
- Apache Tomcat 9.0.0-M1
- Apache Tomcat 8.5.0
- Apache Tomcat 10.1.0-M1
- Apache Tomcat 11.0.0-M1
Remediation
Upgrade to the latest version of Apache Tomcat, available from the Apache Website.