VulnerableCode Package Details - pkg:maven/org.apache.tomcat/tomcat-coyote@11.0.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-7kak-h2zt-ukgn Aliases: CVE-2023-46589 GHSA-fccv-jmmp-qg76	Apache Tomcat Improper Input Validation vulnerability Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82, and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.	11.0.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-9snt-d7yb-83b7 Aliases: CVE-2023-41080 GHSA-q3mw-pvr8-9ggc	Apache Tomcat Open Redirect vulnerability URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application.	11.0.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-bfxu-nwcp-1kd6 Aliases: CVE-2025-31650 GHSA-3p2h-wqq4-wf4h	multiple issues	11.0.6 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-7kak-h2zt-ukgn
Aliases:
CVE-2023-46589
GHSA-fccv-jmmp-qg76

Apache Tomcat Improper Input Validation vulnerability Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82, and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.

11.0.1
Affected by 1 other vulnerability.

VCID-9snt-d7yb-83b7
Aliases:
CVE-2023-41080
GHSA-q3mw-pvr8-9ggc

Apache Tomcat Open Redirect vulnerability URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application.

11.0.1
Affected by 1 other vulnerability.

VCID-bfxu-nwcp-1kd6
Aliases:
CVE-2025-31650
GHSA-3p2h-wqq4-wf4h

multiple issues

11.0.6
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-rcr4-rbsk-myej	Apache Tomcat Request and/or response mix-up Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue.	CVE-2024-52317 GHSA-qvf5-hvjx-wm27

Vulnerability

Summary

Aliases

VCID-rcr4-rbsk-myej

Apache Tomcat Request and/or response mix-up Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue.

CVE-2024-52317
GHSA-qvf5-hvjx-wm27

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-03T19:26:19.044979+00:00	GitLab Importer	Affected by	VCID-bfxu-nwcp-1kd6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2025-31650.yml	37.0.0
2025-07-03T19:15:56.454334+00:00	GitLab Importer	Fixing	VCID-rcr4-rbsk-myej	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2024-52317.yml	37.0.0
2025-07-03T18:54:03.640666+00:00	GitLab Importer	Affected by	VCID-7kak-h2zt-ukgn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-46589.yml	37.0.0
2025-07-03T18:49:04.450660+00:00	GitLab Importer	Affected by	VCID-9snt-d7yb-83b7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-41080.yml	37.0.0
2025-07-03T13:57:26.701836+00:00	GitLab Importer	Fixing	VCID-rcr4-rbsk-myej	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2024-52317.yml	36.1.3
2025-07-01T18:15:07.710163+00:00	GitLab Importer	Affected by	VCID-7kak-h2zt-ukgn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-46589.yml	36.1.3
2025-07-01T18:14:41.528745+00:00	GitLab Importer	Affected by	VCID-9snt-d7yb-83b7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-41080.yml	36.1.3
2025-07-01T14:35:51.074158+00:00	GHSA Importer	Fixing	VCID-rcr4-rbsk-myej	https://github.com/advisories/GHSA-qvf5-hvjx-wm27	36.1.3
2025-07-01T12:10:38.564488+00:00	GithubOSV Importer	Fixing	VCID-rcr4-rbsk-myej	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-qvf5-hvjx-wm27/GHSA-qvf5-hvjx-wm27.json	36.1.3