BIT-tomcat-2026-43512

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/tomcat/BIT-tomcat-2026-43512.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-tomcat-2026-43512

Aliases

Published

2026-05-14T11:56:45.724Z

Modified

2026-05-18T20:56:23.707157565Z

Summary

Apache Tomcat: Digest authenticator will authenticate any unknown user

Details

DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat.

This issue affects Apache Tomcat: from 11.0.0 through 11.0.21, from 10.1.0 through 10.1.54, from 9.0.0 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older unsupported versions any also be affect

Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.

Database specific

{
    "cpes": [
        "cpe:2.3:a:apache:tomcat:*:*:*:*:*:maven:*:*"
    ],
    "severity": "Critical"
}

References

Affected packages

Bitnami / tomcat

Package

Name: tomcat
Purl: pkg:bitnami/tomcat

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

10.1.0

Fixed

10.1.55

Introduced

11.0.0

Fixed

11.0.22

Introduced

9.0.0

Fixed

9.0.118

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/tomcat/BIT-tomcat-2026-43512.json"