{
  "threat_severity" : "Moderate",
  "public_date" : "2026-05-12T15:33:23Z",
  "bugzilla" : {
    "description" : "tomcat-coyote: tomcat: Improper Authorization allows security bypass",
    "id" : "2476519",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2476519"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-551",
  "details" : [ "Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat.\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109.\nUsers are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118, which fix the issue.", "In Apache Tomcat, when multiple security constraints defined an HTTP method constraint for the same extension pattern, only the first method constraint was applied. A remote attacker could exploit this to bypass the intended security restrictions on information or actions within the application." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Hardened Images",
    "release_date" : "2026-05-05T00:00:00Z",
    "advisory" : "RHSA-2026:13745",
    "cpe" : "cpe:/a:redhat:hummingbird:1",
    "package" : "tomcat11-main-11.0.22-0.1.hum1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Certificate System 10",
    "fix_state" : "Fix deferred",
    "package_name" : "redhat-pki:10/jss",
    "cpe" : "cpe:/a:redhat:certificate_system:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "jss",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "mod_proxy_cluster",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "jss",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "mod_proxy_cluster",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Fuse 7",
    "fix_state" : "Fix deferred",
    "package_name" : "tomcat-coyote",
    "cpe" : "cpe:/a:redhat:jboss_fuse:7"
  }, {
    "product_name" : "Red Hat Hardened Images",
    "fix_state" : "Affected",
    "package_name" : "tomcat10",
    "cpe" : "cpe:/a:redhat:hummingbird:1"
  }, {
    "product_name" : "Red Hat JBoss Core Services",
    "fix_state" : "Fix deferred",
    "package_name" : "jbcs-httpd24-mod_cluster-native",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1"
  }, {
    "product_name" : "Red Hat JBoss Core Services",
    "fix_state" : "Fix deferred",
    "package_name" : "jbcs-httpd24-mod_proxy_cluster",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack",
    "fix_state" : "Fix deferred",
    "package_name" : "tomcat-coyote",
    "cpe" : "cpe:/a:redhat:jbosseapxp"
  }, {
    "product_name" : "Red Hat JBoss Web Server 5",
    "fix_state" : "Fix deferred",
    "package_name" : "jws5-mod_cluster",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:5"
  }, {
    "product_name" : "Red Hat JBoss Web Server 5",
    "fix_state" : "Fix deferred",
    "package_name" : "tomcat-coyote",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:5"
  }, {
    "product_name" : "Red Hat JBoss Web Server 6",
    "fix_state" : "Fix deferred",
    "package_name" : "jws6-mod_cluster",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:6"
  }, {
    "product_name" : "Red Hat JBoss Web Server 6",
    "fix_state" : "Fix deferred",
    "package_name" : "tomcat-coyote",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:6"
  }, {
    "product_name" : "Red Hat OpenShift Dev Spaces",
    "fix_state" : "Fix deferred",
    "package_name" : "devspaces/server-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_devspaces:3"
  }, {
    "product_name" : "Red Hat Process Automation 7",
    "fix_state" : "Fix deferred",
    "package_name" : "tomcat-coyote",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
  }, {
    "product_name" : "Red Hat Single Sign-On 7",
    "fix_state" : "Fix deferred",
    "package_name" : "tomcat-coyote",
    "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-43515\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-43515\nhttps://lists.apache.org/thread/746nxfxod0wsocxtmv8pb8nkgmwpc6bb" ],
  "name" : "CVE-2026-43515",
  "csaw" : false
}