NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-43514

Summary	Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.
Publication Date	May 13, 2026, 1:16 a.m.
Registration Date	May 13, 2026, 4:12 a.m.
Last Update	May 13, 2026, 3:17 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://lists.apache.org/thread/2k654v5cq123npfsd1b2kk1y30owqb1m	security@apache.org
2	http://www.openwall.com/lists/oss-security/2026/05/12/10	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-208	タイミングの違いに起因する情報漏えい	https://cwe.mitre.org/data/definitions/208.html