← Voltar para CVEs
CVE-2026-43514
N/ADescricao
Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado5/12/2026
Ultima modificacao5/12/2026
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-208
Referencias
https://lists.apache.org/thread/2k654v5cq123npfsd1b2kk1y30owqb1m(security@apache.org)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.