Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:apache/tomcat@9.0.79
purl pkg:apache/tomcat@9.0.79
Next non-vulnerable version 9.0.81
Latest non-vulnerable version 11.0.21
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-j6cj-ftyd-3ffa
Aliases:
CVE-2023-41080
GHSA-q3mw-pvr8-9ggc
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. Older, EOL versions may also be affected. The vulnerability is limited to the ROOT (default) web application.
9.0.80
Affected by 4 other vulnerabilities.
10.1.13
Affected by 3 other vulnerabilities.
11.0.0-M11
Affected by 3 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T12:38:07.725115+00:00 Apache Tomcat Importer Affected by VCID-j6cj-ftyd-3ffa https://tomcat.apache.org/security-9.html 38.0.0