Search for packages
Package details: pkg:maven/org.apache.tomcat/tomcat-coyote@8.5.93
purl pkg:maven/org.apache.tomcat/tomcat-coyote@8.5.93
Next non-vulnerable version 8.5.99
Latest non-vulnerable version 11.0.6
Risk 10.0
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-6y3x-kyj7-aaaf
Aliases:
CVE-2023-44487
GHSA-qppj-fm5r-hxr3
VSV00013
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
8.5.94
Affected by 2 other vulnerabilities.
9.0.81
Affected by 4 other vulnerabilities.
10.1.14
Affected by 4 other vulnerabilities.
11.0.0-M12
Affected by 3 other vulnerabilities.
VCID-7uaw-6w3w-aaar
Aliases:
CVE-2024-24549
GHSA-7w75-32cg-r6g2
Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.
8.5.99
Affected by 0 other vulnerabilities.
9.0.86
Affected by 2 other vulnerabilities.
10.1.19
Affected by 2 other vulnerabilities.
11.0.0-M17
Affected by 2 other vulnerabilities.
VCID-pcvp-wv2z-aaas
Aliases:
CVE-2023-46589
GHSA-fccv-jmmp-qg76
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.
8.5.96
Affected by 1 other vulnerability.
9.0.83
Affected by 3 other vulnerabilities.
10.1.16
Affected by 3 other vulnerabilities.
11.0.1
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-e318-2aad-aaag URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application. CVE-2023-41080
GHSA-q3mw-pvr8-9ggc

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-20T16:48:39.666407+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-46589.yml 36.1.3
2025-06-20T16:40:56.646335+00:00 GitLab Importer Fixing VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-41080.yml 36.1.3
2025-06-20T16:40:52.859102+00:00 GitLab Importer Fixing VCID-e318-2aad-aaag None 36.1.3
2025-06-03T23:26:15.098517+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-46589.yml 36.1.0
2025-06-03T23:19:34.020973+00:00 GitLab Importer Fixing VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-41080.yml 36.1.0
2025-06-03T23:19:30.686556+00:00 GitLab Importer Fixing VCID-e318-2aad-aaag None 36.1.0
2025-06-02T23:23:49.927580+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-46589.yml 36.1.2
2025-06-02T23:16:38.915699+00:00 GitLab Importer Fixing VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-41080.yml 36.1.2
2025-06-02T23:16:35.117912+00:00 GitLab Importer Fixing VCID-e318-2aad-aaag None 36.1.2
2025-04-03T21:46:40.160490+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-46589.yml 36.0.0
2025-04-03T21:31:13.891158+00:00 GitLab Importer Fixing VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-41080.yml 36.0.0
2025-04-03T21:31:05.753007+00:00 GitLab Importer Fixing VCID-e318-2aad-aaag None 36.0.0
2025-02-18T01:05:26.541569+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-46589.yml 35.1.0
2025-02-18T01:04:30.955143+00:00 GitLab Importer Fixing VCID-e318-2aad-aaag None 35.1.0
2025-02-18T01:04:27.422646+00:00 GitLab Importer Fixing VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-41080.yml 35.1.0
2024-11-20T23:30:39.620821+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-46589.yml 35.0.0
2024-11-20T23:30:16.089339+00:00 GitLab Importer Fixing VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-41080.yml 35.0.0
2024-11-18T23:19:31.910633+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-46589.yml 34.3.2
2024-11-18T23:19:02.173981+00:00 GitLab Importer Fixing VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-41080.yml 34.3.2
2024-10-08T00:16:55.813601+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-46589.yml 34.0.2
2024-10-08T00:16:30.901683+00:00 GitLab Importer Fixing VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-41080.yml 34.0.2
2024-10-07T22:05:12.991138+00:00 GHSA Importer Affected by VCID-7uaw-6w3w-aaar https://github.com/advisories/GHSA-7w75-32cg-r6g2 34.0.2
2024-10-07T21:44:44.185803+00:00 GHSA Importer Affected by VCID-6y3x-kyj7-aaaf https://github.com/advisories/GHSA-qppj-fm5r-hxr3 34.0.2
2024-09-23T00:30:57.110186+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-46589.yml 34.0.1
2024-09-22T22:27:08.961553+00:00 GHSA Importer Affected by VCID-7uaw-6w3w-aaar https://github.com/advisories/GHSA-7w75-32cg-r6g2 34.0.1
2024-09-22T22:14:15.197666+00:00 GHSA Importer Affected by VCID-6y3x-kyj7-aaaf https://github.com/advisories/GHSA-qppj-fm5r-hxr3 34.0.1
2024-09-17T22:36:24.739558+00:00 GitLab Importer Fixing VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-41080.yml 34.0.1
2024-05-17T21:14:36.662794+00:00 GHSA Importer Affected by VCID-7uaw-6w3w-aaar https://github.com/advisories/GHSA-7w75-32cg-r6g2 34.0.0rc4
2024-04-24T02:41:53.658670+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-46589.yml 34.0.0rc4
2024-04-24T02:41:10.075193+00:00 GitLab Importer Fixing VCID-e318-2aad-aaag None 34.0.0rc4
2024-04-24T02:41:09.133236+00:00 GitLab Importer Fixing VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-41080.yml 34.0.0rc4
2024-01-10T05:17:12.286208+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-46589.yml 34.0.0rc2
2024-01-10T05:16:28.759161+00:00 GitLab Importer Fixing VCID-e318-2aad-aaag None 34.0.0rc2
2024-01-10T05:16:27.785324+00:00 GitLab Importer Fixing VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-41080.yml 34.0.0rc2
2024-01-03T22:05:02.796275+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-46589.yml 34.0.0rc1
2024-01-03T22:04:18.642969+00:00 GitLab Importer Fixing VCID-e318-2aad-aaag None 34.0.0rc1
2024-01-03T17:59:30.557495+00:00 GitLab Importer Fixing VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-41080.yml 34.0.0rc1