Does CVE-2023-41080 impact CA Advanced Authentication product?
Vulnerability Information

| CVE | CVSS Base Score | CVSS Rating* | Affected Product | Affected Version |
|---|---|---|---|---|
| CVE-2023-41080 | Not Available | Medium | Apache Tomcat | 11.0.0-M1 to 11.0.0-M10; 10.1.0-M1 to 10.1.12; 9.0.0-M1 to 9.0.79; 8.5.0 to 8.5.92 |
Release: CA Advanced Authentication 9.1
CVE-2023-41080 is a URL Redirection to an Untrusted Site ('Open Redirect') vulnerability in the FORM authentication feature of Apache Tomcat. It is only reachable when the ROOT (default) web application is configured to use FORM authentication: a specially crafted URL can then make the post-login redirect send the browser to a site of the attacker's choice.
The affected versions of Apache Tomcat are:
Apache Tomcat 11.0.0-M1 through 11.0.0-M10
Apache Tomcat 10.1.0-M1 through 10.1.12
Apache Tomcat 9.0.0-M1 through 9.0.79
Apache Tomcat 8.5.0 through 8.5.92
To address this security concern, we recommend the following actions:
Upgrade to the Latest Version of Apache Tomcat in the 9.x Series: If your current version of Apache Tomcat is earlier than 9.0.80, upgrade to the latest release within the 9.x series. 9.0.80 is the first 9.x release that contains the fix for CVE-2023-41080 (the corresponding fixed releases in the other lines are 8.5.93, 10.1.13 and 11.0.0-M11). Confirm the installed version with bin/version.sh (or bin/version.bat) rather than relying on the directory name.
Consider Removing the ROOT Folder: The vulnerability is limited to the ROOT (default) web application, and only when that application is configured for FORM authentication. If you do not need the ROOT application, remove the webapps/ROOT directory from your Apache Tomcat installation; requests to the server root will then return 404 and the vulnerable redirect is no longer reachable. Removing ROOT does not patch the Tomcat code, so treat it as an interim mitigation and still apply the upgrade.
Taking these steps will help enhance the security of your Apache Tomcat installation and protect your system from potential security risks associated with this vulnerability.
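As an added check (this script is not part of this article and is not CA or Apache Tomcat code), the following POSIX shell script tests the two conditions the vulnerability needs on a host: a release inside the affected ranges and a webapps/ROOT application whose web.xml declares FORM authentication. The fixed-version thresholds are derived from the affected ranges in the table above; the script name check-41080.sh and the exit-code convention are assumptions made for this example. It reads the version from bin/version.sh, so run it against CATALINA_HOME on the host (the ROOT check uses the same directory, so pass CATALINA_BASE instead if the two differ).

```shell
#!/bin/sh
# Added example, not CA/Broadcom or Apache Tomcat code: offline checks for the
# two conditions CVE-2023-41080 needs on a Tomcat host, an unpatched release and
# a ROOT (default) web application that uses FORM authentication.
# Fixed releases are derived from the affected ranges above: 8.5.93, 9.0.80,
# 10.1.13 and 11.0.0-M11 are the first unaffected builds of each line.

# tomcat_vulnerable VERSION
#   exit 0 if VERSION is inside an affected range, 1 if it is a fixed build,
#   2 if the release line is not one the advisory covers (e.g. 7.0.x, 10.0.x).
tomcat_vulnerable() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    patch=${rest#*.}                 # "79", or "0-M10" for a milestone build
    case "$major.$minor" in
        8.5)  [ "${patch%%-*}" -lt 93 ] ;;
        9.0)  [ "${patch%%-*}" -lt 80 ] ;;
        10.1) [ "${patch%%-*}" -lt 13 ] ;;
        11.0) # only the 11.0.0-M1 .. 11.0.0-M10 milestones are affected
              m=${patch#0-M}
              [ "$m" != "$patch" ] && [ "$m" -lt 11 ] ;;
        *)    return 2 ;;
    esac
}

# version_from_banner "Server version: Apache Tomcat/9.0.79" -> 9.0.79
version_from_banner() {
    printf '%s\n' "$1" | sed -n 's#^Server version: *Apache Tomcat/##p'
}

# installed_version CATALINA_HOME -> version string reported by bin/version.sh
installed_version() {
    version_from_banner "$("$1/bin/version.sh" 2>/dev/null)"
}

# root_form_auth CATALINA_BASE
#   exit 0 if webapps/ROOT/WEB-INF/web.xml declares <auth-method>FORM</auth-method>
root_form_auth() {
    wx="$1/webapps/ROOT/WEB-INF/web.xml"
    [ -f "$wx" ] || return 1
    # strip whitespace so an auth-method element split over lines still matches
    tr -d '[:space:]' < "$wx" | grep -qi '<auth-method>FORM</auth-method>'
}

# check DIR
#   prints findings; exit 0 = fixed build, 1 = affected build but ROOT does not
#   use FORM auth (upgrade anyway), 2 = affected build and ROOT uses FORM auth
check() {
    home=$1
    ver=$(installed_version "$home")
    if [ -z "$ver" ]; then
        echo "could not read a version from $home/bin/version.sh"
        return 2
    fi
    if ! tomcat_vulnerable "$ver"; then
        echo "Tomcat $ver is not inside an affected range"
        return 0
    fi
    echo "Tomcat $ver is inside an affected range: upgrade (9.x line: 9.0.80 or later)"
    if root_form_auth "$home"; then
        echo "webapps/ROOT uses FORM authentication: the open redirect is reachable"
        return 2
    fi
    echo "no ROOT web application with FORM authentication: redirect not reachable, still upgrade"
    return 1
}

# Usage: sh check-41080.sh /opt/tomcat   (or export CATALINA_HOME and run with no argument)
dir=${1:-${CATALINA_HOME:-}}
if [ -n "$dir" ]; then
    check "$dir"
fi
```

The version parsing covers the milestone naming (9.0.0-M1, 11.0.0-M10) that a plain numeric comparison gets wrong, and the ROOT check only looks at the deployed web.xml, so a ROOT context installed from a WAR that has not yet been expanded will not be seen until Tomcat deploys it.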