BIT-tomcat-2026-43515

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/tomcat/BIT-tomcat-2026-43515.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-tomcat-2026-43515

Aliases

Published

2026-05-14T11:56:50.640Z

Modified

2026-05-19T14:56:33.113486321Z

Summary

Apache Tomcat: Security constraints not correctly applied

Details

Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat.

This issue affects Apache Tomcat: from 11.0.0 through 11.0.21, from 10.1.0 through 10.1.54, from 9.0.0 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109.

Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.

Database specific

{
    "severity": "Critical",
    "cpes": [
        "cpe:2.3:a:apache:tomcat:*:*:*:*:*:maven:*:*"
    ]
}

References

Affected packages

Bitnami / tomcat

Package

Name: tomcat
Purl: pkg:bitnami/tomcat

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

10.1.0

Fixed

10.1.55

Introduced

11.0.0

Fixed

11.0.22

Introduced

9.0.0

Fixed

9.0.118

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/tomcat/BIT-tomcat-2026-43515.json"