Another Apache Tomcat vulnerability was released on 22 August CVE number 2023-41080. Is OneClick susceptible to this vulnerability?
Release : 22.2, 23.3
CVE-2023-41080 affects the ROOT webapp shipped with Apache Tomcat. OneClick, from a version number standpoint OneClick would be
vulnerable as 23.3.1 (about to be released) ships with Tomcat 9.0.75. Spectrum, however, removes all files from the ROOT webapps folder
and places its own 2 files favicon.ico and index.html so that if a user launches https://ocserver:port (without the /spectrum) it redirects to https://ocserver:port/spectrum/
and therefore would not be vulnerable to this.
Example Out of the box Apache Tomcat ROOT webapps folder
What ships with Spectrum OneClick