Description
Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.
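The class of flaw described above, shown as an added example that is not Tomcat's code and does not reproduce its actual fix: a secret check that can return at the first mismatch, next to a comparison whose running time does not depend on where the values differ. The class name, method names and sample secret are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class SecretCompare {

    // Timing-dependent: String.equals can return as soon as it finds a
    // mismatch (and immediately on a length difference), so the time taken
    // correlates with how much of the presented value is correct.
    static boolean leakyEquals(String configured, String presented) {
        return configured != null && configured.equals(presented);
    }

    // Hash both values to fixed-length digests first, so the length of the
    // configured secret is not exposed, then compare with
    // MessageDigest.isEqual, which examines every byte regardless of where
    // the first difference occurs.
    static boolean constantTimeEquals(String configured, String presented) {
        if (configured == null || presented == null) {
            return false;
        }
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            byte[] a = md.digest(configured.getBytes(StandardCharsets.UTF_8));
            byte[] b = md.digest(presented.getBytes(StandardCharsets.UTF_8));
            return MessageDigest.isEqual(a, b);
        } catch (NoSuchAlgorithmException e) {
            // SHA-256 is required to be present on every Java platform.
            throw new IllegalStateException(e);
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from any real deployment.
        String configured = "constructed-sample-secret";
        String[] presented = {
            "constructed-sample-secret", // exact match
            "constructed-sample-secreX", // differs only in the last character
            "x",                         // differs in length
            ""                           // empty value
        };
        for (String p : presented) {
            System.out.printf("%-30s leaky=%b constantTime=%b%n",
                    "\"" + p + "\"", leakyEquals(configured, p), constantTimeEquals(configured, p));
        }
    }
}
```

Both methods return the same boolean for every input; the difference is only in how long the comparison takes, which is what this issue is about.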