SA-2023-096 – Apache Tomcat ‘Open Redirect’ with FORM authentication (CVE-2023-41080)

Extreme Networks Security Advisory

In Apache Tomcat, if the ROOT (default) web application is configured to use FORM authentication, then it is possible that a specially crafted URL could be used to trigger an ‘Open Redirect’ to a URL of the attacker’s choice.
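
A triage check for the precondition described above, as an added example that is not part of the advisory or of Apache Tomcat: it reports whether a ROOT web application's deployment descriptor declares FORM authentication. The function names and sample descriptors are constructed for illustration, and reading the descriptor from `webapps/ROOT/WEB-INF/web.xml` assumes a default exploded Tomcat layout.

```python
import xml.etree.ElementTree as ET


def local_name(tag):
    """Strip an XML namespace prefix such as {https://jakarta.ee/xml/ns/jakartaee}."""
    return tag.rsplit("}", 1)[-1]


def uses_form_auth(web_xml_text):
    """Return True if the descriptor declares <auth-method>FORM</auth-method>
    inside <login-config>, the precondition named in the advisory."""
    root = ET.fromstring(web_xml_text)
    for elem in root.iter():
        if local_name(elem.tag) != "login-config":
            continue
        for child in elem:
            if local_name(child.tag) == "auth-method":
                # Tolerate surrounding whitespace and case differences.
                if (child.text or "").strip().upper() == "FORM":
                    return True
    return False


# Constructed sample descriptors (not taken from any real deployment).
SAMPLE_FORM = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
  </login-config>
</web-app>"""

SAMPLE_BASIC = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""

SAMPLE_NONE = "<web-app></web-app>"

if __name__ == "__main__":
    # In practice, pass the text of the ROOT application's web.xml
    # (assumed path: webapps/ROOT/WEB-INF/web.xml under the Tomcat base).
    for name, xml in [("form", SAMPLE_FORM), ("basic", SAMPLE_BASIC), ("none", SAMPLE_NONE)]:
        print(name, uses_form_auth(xml))
```

A `True` result for the ROOT application means the condition in the advisory applies to that deployment; other web applications are outside the scope the advisory describes.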