VulnerableCode Package Details - pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.86

Search for packages

Vulnerability	Summary	Fixed by
VCID-ckkm-g4kc-tfbg Aliases: CVE-2025-31650 GHSA-3p2h-wqq4-wf4h	Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.	9.0.104 Affected by 0 other vulnerabilities. 10.1.40 Affected by 0 other vulnerabilities. 11.0.6 Affected by 0 other vulnerabilities.
VCID-yktk-48uz-aaac Aliases: CVE-2024-34750 GHSA-wm9w-rjj3-j356	Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.	9.0.90 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 10.1.25 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 11.0.0-M21 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-ckkm-g4kc-tfbg
Aliases:
CVE-2025-31650
GHSA-3p2h-wqq4-wf4h

Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.

9.0.104
Affected by 0 other vulnerabilities.

10.1.40
Affected by 0 other vulnerabilities.

11.0.6
Affected by 0 other vulnerabilities.

VCID-yktk-48uz-aaac
Aliases:
CVE-2024-34750
GHSA-wm9w-rjj3-j356

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.

9.0.90
Affected by 1 other vulnerability.

10.1.25
Affected by 1 other vulnerability.

11.0.0-M21
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-7uaw-6w3w-aaar	Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.	CVE-2024-24549 GHSA-7w75-32cg-r6g2

Vulnerability

Summary

Aliases

VCID-7uaw-6w3w-aaar

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.

CVE-2024-24549
GHSA-7w75-32cg-r6g2

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T17:20:49.980068+00:00	GitLab Importer	Affected by	VCID-ckkm-g4kc-tfbg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2025-31650.yml	36.1.3
2025-06-20T16:55:11.425492+00:00	GitLab Importer	Fixing	VCID-7uaw-6w3w-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2024-24549.yml	36.1.3
2025-06-03T23:55:44.080499+00:00	GitLab Importer	Affected by	VCID-ckkm-g4kc-tfbg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2025-31650.yml	36.1.0
2025-06-03T23:32:02.731956+00:00	GitLab Importer	Fixing	VCID-7uaw-6w3w-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2024-24549.yml	36.1.0
2025-06-02T23:54:38.690078+00:00	GitLab Importer	Affected by	VCID-ckkm-g4kc-tfbg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2025-31650.yml	36.1.2
2025-06-02T23:29:53.633665+00:00	GitLab Importer	Fixing	VCID-7uaw-6w3w-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2024-24549.yml	36.1.2
2025-05-29T23:36:39.641255+00:00	GitLab Importer	Affected by	VCID-ckkm-g4kc-tfbg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2025-31650.yml	36.0.0
2025-04-03T21:59:44.567030+00:00	GitLab Importer	Fixing	VCID-7uaw-6w3w-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2024-24549.yml	36.0.0
2025-02-18T03:48:11.242104+00:00	GitLab Importer	Fixing	VCID-7uaw-6w3w-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2024-24549.yml	35.1.0
2024-11-21T01:03:01.735623+00:00	GitLab Importer	Fixing	VCID-7uaw-6w3w-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2024-24549.yml	35.0.0
2024-11-19T00:51:59.403693+00:00	GitLab Importer	Fixing	VCID-7uaw-6w3w-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2024-24549.yml	34.3.2
2024-11-19T00:49:20.582597+00:00	GithubOSV Importer	Fixing	VCID-7uaw-6w3w-aaar	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-7w75-32cg-r6g2/GHSA-7w75-32cg-r6g2.json	34.3.2
2024-10-15T19:21:56.466299+00:00	GithubOSV Importer	Fixing	VCID-7uaw-6w3w-aaar	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-7w75-32cg-r6g2/GHSA-7w75-32cg-r6g2.json	34.0.2
2024-10-14T21:48:17.936724+00:00	GitLab Importer	Fixing	VCID-7uaw-6w3w-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2024-24549.yml	34.0.2
2024-10-07T22:14:45.233943+00:00	GHSA Importer	Affected by	VCID-yktk-48uz-aaac	https://github.com/advisories/GHSA-wm9w-rjj3-j356	34.0.2
2024-10-07T22:05:12.152703+00:00	GHSA Importer	Fixing	VCID-7uaw-6w3w-aaar	https://github.com/advisories/GHSA-7w75-32cg-r6g2	34.0.2
2024-09-22T22:41:27.496954+00:00	GHSA Importer	Affected by	VCID-yktk-48uz-aaac	https://github.com/advisories/GHSA-wm9w-rjj3-j356	34.0.1
2024-09-18T09:20:53.734089+00:00	GithubOSV Importer	Fixing	VCID-7uaw-6w3w-aaar	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-7w75-32cg-r6g2/GHSA-7w75-32cg-r6g2.json	34.0.1
2024-09-17T22:00:20.112196+00:00	GHSA Importer	Fixing	VCID-7uaw-6w3w-aaar	https://github.com/advisories/GHSA-7w75-32cg-r6g2	34.0.1
2024-04-23T23:13:19.247491+00:00	GithubOSV Importer	Fixing	VCID-7uaw-6w3w-aaar	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-7w75-32cg-r6g2/GHSA-7w75-32cg-r6g2.json	34.0.0rc4
2024-04-23T17:39:24.454798+00:00	GHSA Importer	Fixing	VCID-7uaw-6w3w-aaar	https://github.com/advisories/GHSA-7w75-32cg-r6g2	34.0.0rc4

2025-06-20T17:20:49.980068+00:00

GitLab Importer

Affected by

VCID-ckkm-g4kc-tfbg

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2025-31650.yml

36.1.3

2025-06-20T16:55:11.425492+00:00

GitLab Importer

Fixing

Next non-vulnerable version	9.0.104
Latest non-vulnerable version	11.0.6
Risk	10.0