pkg:maven/org.apache.tomcat/tomcat-coyote
Type
maven
Namespace
org.apache.tomcat
Name
tomcat-coyote
Known advisories, vulnerabilities and fixes for org.apache.tomcat/tomcat-coyote package.
Critical
1
High
7
Moderate
5
| Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | >= 8.5.0, <= 8.5.98 |
CVE-2024-24549
|
 MAVEN:GHSA-7W75-32CG-R6G2
|
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests | moderate |
2024-03-13T18:31:34
(6 months ago) |
|
| Fixed | = 8.5.99 |
CVE-2024-24549
|
MAVEN:GHSA-7W75-32CG-R6G2
|
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests | moderate |
2024-03-13T18:31:34
(6 months ago) |
|
| Affected | >= 8.5.0, <= 8.5.12 |
CVE-2017-5651
|
MAVEN:GHSA-9HG2-395J-83RM
|
Expected Behavior Violation in Apache Tomcat | critical |
2022-05-13T01:46:13
(2 years ago) |
|
| Fixed | = 8.5.13 |
CVE-2017-5651
|
MAVEN:GHSA-9HG2-395J-83RM
|
Expected Behavior Violation in Apache Tomcat | critical |
2022-05-13T01:46:13
(2 years ago) |
|
| Affected | >= 8.5.85, < 8.5.88 |
CVE-2023-28709
|
MAVEN:GHSA-CX6H-86XW-9X34
|
Apache Tomcat - Fix for CVE-2023-24998 was incomplete | high |
2023-07-06T21:14:59
(14 months ago) |
|
| Fixed | = 8.5.88 |
CVE-2023-28709
|
MAVEN:GHSA-CX6H-86XW-9X34
|
Apache Tomcat - Fix for CVE-2023-24998 was incomplete | high |
2023-07-06T21:14:59
(14 months ago) |
|
| Affected | >= 8.5.0, <= 8.5.57 >= 9.0.0-M1, <= 9.0.37 >= 10.0.0-M1, <= 10.0.0-M7 |
CVE-2020-13943
|
MAVEN:GHSA-F268-65QC-98VG
|
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat | moderate |
2022-02-09T23:03:53
(2 years ago) |
|
| Fixed | = 8.5.58 = 9.0.38 = 10.0.0-M8 |
CVE-2020-13943
|
MAVEN:GHSA-F268-65QC-98VG
|
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat | moderate |
2022-02-09T23:03:53
(2 years ago) |
|
| Affected | >= 9.0.0-M11, < 9.0.44 |
CVE-2024-21733
|
MAVEN:GHSA-F4QF-M5GF-8JM8
|
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information | moderate |
2024-01-19T12:30:18
(8 months ago) |
|
| Fixed | = 9.0.44 |
CVE-2024-21733
|
MAVEN:GHSA-F4QF-M5GF-8JM8
|
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information | moderate |
2024-01-19T12:30:18
(8 months ago) |
|
| Affected | >= 9.0.0-M1, < 9.0.71 |
CVE-2023-24998
|
MAVEN:GHSA-HFRX-6QGJ-FP6C
|
Apache Commons FileUpload denial of service vulnerability | high |
2023-02-20T18:30:17
(19 months ago) |
|
| Fixed | = 9.0.71 |
CVE-2023-24998
|
MAVEN:GHSA-HFRX-6QGJ-FP6C
|
Apache Commons FileUpload denial of service vulnerability | high |
2023-02-20T18:30:17
(19 months ago) |
|
| Affected | >= 6.0.0, < 6.0.48 >= 7.0.0, < 7.0.73 >= 8.0.0RC1, < 8.0.39 >= 8.5.0, < 8.5.8 >= 9.0.0.M1, <= 9.0.0.M11 |
CVE-2016-6816
|
MAVEN:GHSA-JC7P-5R39-9477
|
Improper Input Validation in Apache Tomcat | high |
2022-05-13T01:14:53
(2 years ago) |
|
| Fixed | = 6.0.48 = 7.0.73 = 8.0.39 = 8.5.8 = 9.0.0.M12 |
CVE-2016-6816
|
MAVEN:GHSA-JC7P-5R39-9477
|
Improper Input Validation in Apache Tomcat | high |
2022-05-13T01:14:53
(2 years ago) |
|
| Affected | = 8.5.88 |
CVE-2023-34981
|
MAVEN:GHSA-MPPV-79CH-VW6Q
|
Apache Tomcat vulnerable to information leak | high |
2023-06-21T12:30:19
(15 months ago) |
|
| Fixed | = 8.5.89 |
CVE-2023-34981
|
MAVEN:GHSA-MPPV-79CH-VW6Q
|
Apache Tomcat vulnerable to information leak | high |
2023-06-21T12:30:19
(15 months ago) |
|
| Affected | >= 10.1.0-M1, < 10.1.1 |
CVE-2022-42252
|
MAVEN:GHSA-P22X-G9PX-3945
|
Apache Tomcat may reject request containing invalid Content-Length header | high |
2022-11-01T12:00:30
(22 months ago) |
|
| Fixed | = 10.1.1 |
CVE-2022-42252
|
MAVEN:GHSA-P22X-G9PX-3945
|
Apache Tomcat may reject request containing invalid Content-Length header | high |
2022-11-01T12:00:30
(22 months ago) |
|
| Affected | >= 8.5.0, < 8.5.94 |
CVE-2023-44487
|
MAVEN:GHSA-QPPJ-FM5R-HXR3
|
HTTP/2 Stream Cancellation Attack | moderate |
2023-10-10T21:28:24
(11 months ago) |
|
| Fixed | = 8.5.94 |
CVE-2023-44487
|
MAVEN:GHSA-QPPJ-FM5R-HXR3
|
HTTP/2 Stream Cancellation Attack | moderate |
2023-10-10T21:28:24
(11 months ago) |
|
| Affected | >= 8.5.0, < 8.5.60 >= 9.0.0-M1, < 9.0.40 >= 10.0.0-M1, < 10.0.0-M10 |
CVE-2020-17527
|
MAVEN:GHSA-VVW4-RFWF-P6HX
|
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat | high |
2022-02-09T22:58:06
(2 years ago) |
|
| Fixed | = 8.5.60 = 9.0.40 = 10.0.0-M10 |
CVE-2020-17527
|
MAVEN:GHSA-VVW4-RFWF-P6HX
|
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat | high |
2022-02-09T22:58:06
(2 years ago) |
|
| Affected | >= 8.0.0-RC1, < 8.0.4 |
CVE-2014-0095
|
MAVEN:GHSA-WF5V-JHXJ-Q632
|
Denial of service in Apache Tomcat | moderate |
2022-05-17T00:24:30
(2 years ago) |
|
| Fixed | = 8.0.4 |
CVE-2014-0095
|
MAVEN:GHSA-WF5V-JHXJ-Q632
|
Denial of service in Apache Tomcat | moderate |
2022-05-17T00:24:30
(2 years ago) |
|
| Affected | >= 9.0.0-M1, < 9.0.90 >= 10.1.0-M1, < 10.1.25 >= 11.0.0-M1, < 11.0.0-M21 |
CVE-2024-34750
|
MAVEN:GHSA-WM9W-RJJ3-J356
|
Apache Tomcat - Denial of Service | high |
2024-07-03T21:39:44
(2 months ago) |
|
| Fixed | = 9.0.90 = 10.1.25 = 11.0.0-M21 |
CVE-2024-34750
|
MAVEN:GHSA-WM9W-RJJ3-J356
|
Apache Tomcat - Denial of Service | high |
2024-07-03T21:39:44
(2 months ago) |