CVE-2026-43514
⚪ For information
An improper comparison of the AJP secret in Apache Tomcat may lead to information disclosure.
CVSS
3.7
EPSS
0.1%
Exploit
none
Vendor
apache
Source description (NVD)
Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.
none
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 3.7 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (probability of exploitation) | 0.1% |
| Published (NVD) | 2026-05-12 16:16:18 UTC |
| Last modified (NVD) | 2026-05-14 18:46:41 UTC |
References
- https://lists.apache.org/thread/2k654v5cq123npfsd1b2kk1y30owqb1m (security@apache.org) [Mailing List, Vendor Advisory]
- http://www.openwall.com/lists/oss-security/2026/05/12/10 (af854a3a-2127-422b-91ae-364da2661108) [Mailing List, Third Party Advisory]