[OneClick] Apache Tomcat vulnerability - CVE-2023-41080

Article ID: 272944

Updated On:

Products

DX NetOps CA Spectrum

Issue/Introduction


Another Apache Tomcat vulnerability, CVE-2023-41080, was released on 22 August. Is OneClick susceptible to this vulnerability?

Link here:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080

Environment

Release : 22.2, 23.3

Resolution


CVE-2023-41080 affects the ROOT webapp shipped with Apache Tomcat. From a version-number standpoint OneClick would appear to be vulnerable, since 23.3.1 (about to be released) ships with Tomcat 9.0.75. Spectrum, however, removes all files from the ROOT webapps folder and places its own two files, favicon.ico and index.html, there, so that if a user launches https://ocserver:port (without the /spectrum) the request is redirected to https://ocserver:port/spectrum/. OneClick is therefore not vulnerable to this issue.
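Added example, not part of the KB article: a shell check that confirms a Tomcat ROOT webapp matches the layout described above (only favicon.ico plus an index.html that redirects to /spectrum/), so an administrator can verify that the stock ROOT webapp is really gone. The two directory trees are constructed inside the script; that the real directory is $CATALINA_HOME/webapps/ROOT is an assumption.

```shell
#!/bin/sh
# Added example, not part of the KB article: verify that a Tomcat ROOT webapp
# has been reduced to the two files the article says OneClick ships
# (favicon.ico and index.html) and that index.html redirects to /spectrum/.
# Assumption: on a real server the directory is $CATALINA_HOME/webapps/ROOT.

# Return 0 when the ROOT webapp matches the OneClick layout, 1 otherwise.
check_root_webapp() {
  dir="$1"
  [ -d "$dir" ] || { echo "FAIL: $dir does not exist"; return 1; }

  # Anything besides the two expected files (WEB-INF/, index.jsp, ...) means
  # the stock Tomcat ROOT webapp, which CVE-2023-41080 affects, is still there.
  extra=$(cd "$dir" && find . ! -name . ! -name favicon.ico ! -name index.html)
  if [ -n "$extra" ]; then
    echo "FAIL: unexpected content in $dir:"
    echo "$extra"
    return 1
  fi

  [ -f "$dir/index.html" ] || { echo "FAIL: $dir/index.html missing"; return 1; }
  if ! grep -qF '/spectrum/' "$dir/index.html"; then
    echo "FAIL: $dir/index.html does not redirect to /spectrum/"
    return 1
  fi
  echo "OK: $dir matches the OneClick ROOT webapp layout"
}

# Constructed sample trees for the demo (not real installations).
WORK=$(mktemp -d)

# Stock Tomcat ROOT: default landing page plus WEB-INF/web.xml.
STOCK="$WORK/stock/ROOT"
mkdir -p "$STOCK/WEB-INF"
echo '<html>stock Tomcat page</html>' > "$STOCK/index.jsp"
echo '<web-app/>' > "$STOCK/WEB-INF/web.xml"
: > "$STOCK/favicon.ico"

# OneClick-style ROOT: favicon plus a redirect-only index.html.
ONECLICK="$WORK/oneclick/ROOT"
mkdir -p "$ONECLICK"
: > "$ONECLICK/favicon.ico"
echo '<meta http-equiv="refresh" content="0;url=/spectrum/">' > "$ONECLICK/index.html"

check_root_webapp "$STOCK" || echo "(expected: stock layout detected)"
check_root_webapp "$ONECLICK"
```

Run it against the real ROOT directory with `check_root_webapp "$CATALINA_HOME/webapps/ROOT"`; the temporary trees under $WORK can be removed afterwards.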

Example: out-of-the-box Apache Tomcat ROOT webapps folder

What ships with Spectrum OneClick