Bug 6536 - [Anolis OS 23] Bugfix for CVE-2023-41080
Summary: [Anolis OS 23] Bugfix for CVE-2023-41080
Status: RESOLVED FIXED
Alias: None
Product: Anolis OS 23
Classification: Anolis OS
Component: BaseOS Packages (show other bugs) BaseOS Packages
Version: unspecified
Hardware: All Linux
: P3-Medium S3-normal
Target Milestone: ---
Assignee: happy_orange
QA Contact: bolong_tbl
URL:
Whiteboard:
Keywords: CVE
Depends on:
Blocks:
 
Reported: 2023-09-11 19:24 UTC by 小龙
Modified: 2023-09-11 19:25 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description 小龙 admin 2023-09-11 19:24:59 UTC 
Description:
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.

The vulnerability is limited to the ROOT (default) web application.

Broken commit info:

Bugfix commit info:
https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27 (10.1.13)
https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27
https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b (9.0.80)
https://github.com/apache/tomcat/commit/e3703c9abb8fe0d5602f6ba8a8f11d4b6940815a
https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b
https://github.com/apache/tomcat/commit/4998ad745b67edeadefe541c94ed029b53933d3b