Lucene search
K

12 matches found

OSV
OSV
added 2026/06/29 9:45 a.m.2 views

SUSE-SU-2026:2675-1 Security update for tomcat

This update for tomcat fixes the following issues Update to Tomcat 9.0.118: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165. -...

9.8CVSS5.9AI score0.01339EPSS
Exploits2References15
SUSE Linux
SUSE Linux
added 2026/06/11 3:34 p.m.7 views

Security update for tomcat11

This update for tomcat11 fixes the following issues Update to Tomcat 11.0.22: CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. CVE-2026-42498: WebSocket authentication header exposure bsc1265165...

8.7CVSS6.6AI score0.01339EPSS
Exploits2References28
UbuntuCve
UbuntuCve
added 2026/06/01 12:0 a.m.10 views

CVE-2026-43514

Observable Timing Discrepancy vulnerabilitywhen comparing AJP secret i...

3.7CVSS5.8AI score0.00352EPSS
Exploits0References2
OSV
OSV
added 2026/05/27 2:47 p.m.10 views

CLSA-2026-1779893247 Fix of 5 CVEs

SECURITY UPDATE: add case sensitive attribute to LockOutRealm - debian/patches/CVE-2026-43513.patch: add case sensitive attribute to LockOutRealm - CVE-2026-43513 SECURITY UPDATE: fix the handling of invalid users with DIGEST authentication - debian/patches/CVE-2026-43512.patch: fix the handling ...

9.8CVSS6.7AI score0.01233EPSS
Exploits2References1
OSV
OSV
added 2026/05/12 6:30 p.m.5 views

GHSA-9M89-8FRQ-C98C Apache Tomcat - AJP secret compared in non-constant time

Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.21 Apache Tomcat 10.1.0-M1 to 10.1.54 Apache Tomcat 9.0.0.M1 to 9.0.117 Older, unsupported versions may also be affected Description: The AJP secret was compared in non-constant time allowing an attacker on the local network to mount a timing...

3.7CVSS5.8AI score0.00352EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.11 views

Apache Tomcat - AJP secret compared in non-constant time

Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.21 Apache Tomcat 10.1.0-M1 to 10.1.54 Apache Tomcat 9.0.0.M1 to 9.0.117 Older, unsupported versions may also be affected Description: The AJP secret was compared in non-constant time allowing an attacker on the local network to mount a timing...

3.7CVSS5.8AI score0.00352EPSS
Exploits0References10Affected Software3
OSV
OSV
added 2026/05/12 4:16 p.m.6 views

DEBIAN-CVE-2026-43514

Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versio...

3.7CVSS5.7AI score0.00352EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 4:16 p.m.11 views

CVE-2026-43514

Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versio...

3.7CVSS0.00352EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 4:16 p.m.6 views

UBUNTU-CVE-2026-43514

Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versio...

3.7CVSS5.7AI score0.00352EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/12 3:32 p.m.8 views

CVE-2026-43514 Apache Tomcat: AJP secret compared in non-constant time

Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versio...

5.7AI score0.00352EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 3:32 p.m.89 views

CVE-2026-43514 Apache Tomcat: AJP secret compared in non-constant time

Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versio...

0.00352EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/12 3:32 p.m.8 views

CVE-2026-43514

Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versio...

3.7CVSS5.7AI score0.00352EPSS
Exploits0
Rows per page
Query Builder