DEBIAN-CVE-2026-43512

Source
https://security-tracker.debian.org/tracker/CVE-2026-43512
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-43512.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-43512
Upstream
Published
2026-05-12T16:16:17.990Z
Modified
2026-06-15T19:06:27.582257718Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older unsupported versions any also be affect Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.

References

Affected packages

Debian:11
tomcat9

Package

Name
tomcat9
Purl
pkg:deb/debian/tomcat9?arch=source&distro=bullseye

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.0.118-0+deb11u1

Affected versions

9.*
9.0.43-1
9.0.43-2~deb11u1
9.0.43-2~deb11u2
9.0.43-2~deb11u3
9.0.43-2~deb11u4
9.0.43-2~deb11u5
9.0.43-2~deb11u6
9.0.43-2~deb11u7
9.0.43-2~deb11u8
9.0.43-2~deb11u9
9.0.43-2~deb11u10
9.0.43-2~deb11u11
9.0.43-2~deb11u12
9.0.43-2
9.0.43-3
9.0.53-1
9.0.54-1
9.0.55-1
9.0.58-1
9.0.62-1
9.0.63-1
9.0.64-1
9.0.64-2
9.0.65-1
9.0.67-1
9.0.68-1
9.0.68-1.1
9.0.70-1
9.0.70-2
9.0.95-1
9.0.107-0+deb11u1
9.0.107-0+deb11u2
9.0.111-1
9.0.115-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-43512.json"
Debian:12
tomcat10

Package

Name
tomcat10
Purl
pkg:deb/debian/tomcat10?arch=source&distro=bookworm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.1.55-1~deb12u1

Affected versions

10.*
10.1.6-1
10.1.6-1+deb12u1
10.1.6-1+deb12u2
10.1.7-1
10.1.8-1
10.1.9-1
10.1.10-1
10.1.13-1
10.1.14-1
10.1.15-1
10.1.16-1
10.1.20-1
10.1.23-1
10.1.25-1~bpo12+1
10.1.25-1
10.1.25-2
10.1.30-1~bpo12+1
10.1.30-1
10.1.31-1
10.1.33-1~bpo12+1
10.1.33-1
10.1.34-0+deb12u1
10.1.34-0+deb12u2
10.1.34-1
10.1.35-1
10.1.40-1~bpo12+1
10.1.40-1
10.1.46-1
10.1.52-1~deb12u1
10.1.52-1~deb13u1
10.1.52-1
10.1.52-2
10.1.54-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-43512.json"
tomcat9

Package

Name
tomcat9
Purl
pkg:deb/debian/tomcat9?arch=source&distro=bookworm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.0.70-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-43512.json"
Debian:13
tomcat10

Package

Name
tomcat10
Purl
pkg:deb/debian/tomcat10?arch=source&distro=trixie

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.1.55-1~deb13u1

Affected versions

10.*
10.1.40-1
10.1.46-1
10.1.52-1~deb12u1
10.1.52-1~deb13u1
10.1.52-1
10.1.52-2
10.1.54-1
10.1.55-1~deb12u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-43512.json"
tomcat11

Package

Name
tomcat11
Purl
pkg:deb/debian/tomcat11?arch=source&distro=trixie

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
11.0.22-1~deb13u1

Affected versions

11.*
11.0.6-1
11.0.11-1
11.0.15-1~deb13u1
11.0.15-1
11.0.18-1
11.0.21-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-43512.json"
tomcat9

Package

Name
tomcat9
Purl
pkg:deb/debian/tomcat9?arch=source&distro=trixie

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.0.70-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-43512.json"
Debian:14
tomcat10

Package

Name
tomcat10
Purl
pkg:deb/debian/tomcat10?arch=source&distro=forky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.1.55-1

Affected versions

10.*
10.1.40-1
10.1.46-1
10.1.52-1~deb12u1
10.1.52-1~deb13u1
10.1.52-1
10.1.52-2
10.1.54-1
10.1.55-1~deb12u1
10.1.55-1~deb13u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-43512.json"
tomcat11

Package

Name
tomcat11
Purl
pkg:deb/debian/tomcat11?arch=source&distro=forky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
11.0.22-1

Affected versions

11.*
11.0.6-1
11.0.11-1
11.0.15-1~deb13u1
11.0.15-1
11.0.18-1
11.0.21-1
11.0.22-1~deb13u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-43512.json"
tomcat9

Package

Name
tomcat9
Purl
pkg:deb/debian/tomcat9?arch=source&distro=forky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.0.70-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-43512.json"