VulnerableCode Package Details - pkg:maven/org.apache.tomcat/coyote@9.0.81

Search for packages

Vulnerability	Summary	Fixed by
VCID-f68z-z5n7-aaae Aliases: CVE-2023-42795 GHSA-g8pj-r55q-5c2v	Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.	There are no reported fixed by versions.
VCID-r78u-gre6-aaaj Aliases: CVE-2023-45648 GHSA-r6j3-px5g-cq3x	Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-f68z-z5n7-aaae
Aliases:
CVE-2023-42795
GHSA-g8pj-r55q-5c2v

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.

There are no reported fixed by versions.

VCID-r78u-gre6-aaaj
Aliases:
CVE-2023-45648
GHSA-r6j3-px5g-cq3x

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2024-09-17T22:37:00.481750+00:00	GitLab Importer	Affected by	VCID-r78u-gre6-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/coyote/CVE-2023-45648.yml	34.0.1
2024-09-17T22:37:00.235395+00:00	GitLab Importer	Affected by	VCID-f68z-z5n7-aaae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/coyote/CVE-2023-42795.yml	34.0.1
2024-01-03T18:00:04.286924+00:00	GitLab Importer	Affected by	VCID-r78u-gre6-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/coyote/CVE-2023-45648.yml	34.0.0rc1
2024-01-03T18:00:04.043618+00:00	GitLab Importer	Affected by	VCID-f68z-z5n7-aaae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/coyote/CVE-2023-42795.yml	34.0.0rc1