Bug 2476516 (CVE-2026-42498)
| Summary: | CVE-2026-42498 tomcat-coyote: Apache Tomcat: Information disclosure due to HTTP Authentication Header exposure during WebSocket authentication. | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | aakkiang, aschwart, asoldano, aszczucz, bbaranow, bmaxwell, boliveir, bstansbe, cfu, csutherl, dhanak, dlofthou, drichtar, drosa, dsoumis, edewata, gkimetto, gmalinko, ibek, istudens, ivassile, iweiss, janstey, jclere, jmagne, jrokos, jwon, mfargett, mharmsen, mnovotny, mosmerov, mposolda, msvehla, nwallace, pberan, pdelbell, pesilva, pjindal, plodge, pmackay, prisingh, rhel-process-autobot, rmartinc, rmaucher, rstancel, rstepani, sausingh, sdawley, skhandel, smaestri, snegrini, ssilvert, sthorger, szappis, taherrin, thjenkin, vchlup, vdosoudi, vmuzikar, watson-tool-maintainers |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: | A flaw was found in Apache Tomcat. During WebSocket authentication, the HTTP Authentication Header can be exposed to unexpected hosts. This vulnerability leads to information disclosure, potentially allowing an attacker to gain access to sensitive authentication credentials. | Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2488250, 2488251, 2488253 | ||
| Bug Blocks: | |||
Description
OSIDB Bzimport
2026-05-12 16:02:01 UTC