Search for packages
| purl | pkg:maven/org.apache.tomcat/tomcat-coyote@10.1.0-M1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2c6h-srga-aaap
Aliases: CVE-2023-24998 GHSA-hfrx-6qgj-fp6c |
Apache Commons FileUpload denial of service vulnerability |
Affected by 5 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-6y3x-kyj7-aaaf
Aliases: CVE-2023-44487 GHSA-qppj-fm5r-hxr3 VSV00013 |
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
Affected by 4 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-7tp8-ektn-aaan
Aliases: CVE-2022-42252 GHSA-p22x-g9px-3945 |
Apache Tomcat may reject request containing invalid Content-Length header |
Affected by 6 other vulnerabilities. |
|
VCID-7uaw-6w3w-aaar
Aliases: CVE-2024-24549 GHSA-7w75-32cg-r6g2 |
Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-f68z-z5n7-aaae
Aliases: CVE-2023-42795 GHSA-g8pj-r55q-5c2v |
Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue. |
Affected by 4 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-yktk-48uz-aaac
Aliases: CVE-2024-34750 GHSA-wm9w-rjj3-j356 |
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-05T17:12:10.840181+00:00 | GHSA Importer | Affected by | VCID-yktk-48uz-aaac | https://github.com/advisories/GHSA-wm9w-rjj3-j356 | 36.1.0 |
| 2025-03-29T10:49:32.169046+00:00 | GHSA Importer | Affected by | VCID-f68z-z5n7-aaae | https://github.com/advisories/GHSA-g8pj-r55q-5c2v | 36.0.0 |
| 2025-03-29T10:49:21.261346+00:00 | GHSA Importer | Affected by | VCID-2c6h-srga-aaap | https://github.com/advisories/GHSA-hfrx-6qgj-fp6c | 36.0.0 |
| 2024-10-07T22:14:45.374346+00:00 | GHSA Importer | Affected by | VCID-yktk-48uz-aaac | https://github.com/advisories/GHSA-wm9w-rjj3-j356 | 34.0.2 |
| 2024-10-07T22:05:12.273597+00:00 | GHSA Importer | Affected by | VCID-7uaw-6w3w-aaar | https://github.com/advisories/GHSA-7w75-32cg-r6g2 | 34.0.2 |
| 2024-10-07T21:44:32.106054+00:00 | GHSA Importer | Affected by | VCID-6y3x-kyj7-aaaf | https://github.com/advisories/GHSA-qppj-fm5r-hxr3 | 34.0.2 |
| 2024-10-07T21:09:54.432877+00:00 | GHSA Importer | Affected by | VCID-2c6h-srga-aaap | https://github.com/advisories/GHSA-hfrx-6qgj-fp6c | 34.0.2 |
| 2024-10-07T20:56:01.852241+00:00 | GHSA Importer | Affected by | VCID-7tp8-ektn-aaan | https://github.com/advisories/GHSA-p22x-g9px-3945 | 34.0.2 |
| 2024-09-22T22:14:02.798915+00:00 | GHSA Importer | Affected by | VCID-6y3x-kyj7-aaaf | https://github.com/advisories/GHSA-qppj-fm5r-hxr3 | 34.0.1 |
| 2024-09-17T22:00:20.155082+00:00 | GHSA Importer | Affected by | VCID-7uaw-6w3w-aaar | https://github.com/advisories/GHSA-7w75-32cg-r6g2 | 34.0.1 |
| 2024-09-17T22:00:13.593883+00:00 | GHSA Importer | Affected by | VCID-2c6h-srga-aaap | https://github.com/advisories/GHSA-hfrx-6qgj-fp6c | 34.0.1 |
| 2024-09-17T22:00:08.201257+00:00 | GHSA Importer | Affected by | VCID-7tp8-ektn-aaan | https://github.com/advisories/GHSA-p22x-g9px-3945 | 34.0.1 |
| 2024-09-17T21:59:53.991488+00:00 | GHSA Importer | Affected by | VCID-yktk-48uz-aaac | https://github.com/advisories/GHSA-wm9w-rjj3-j356 | 34.0.1 |
| 2024-07-06T02:04:09.827885+00:00 | GHSA Importer | Affected by | VCID-yktk-48uz-aaac | https://github.com/advisories/GHSA-wm9w-rjj3-j356 | 34.0.0rc4 |
| 2024-04-23T23:49:12.004137+00:00 | GHSA Importer | Affected by | VCID-7tp8-ektn-aaan | https://github.com/advisories/GHSA-p22x-g9px-3945 | 34.0.0rc4 |
| 2024-04-23T17:39:24.488767+00:00 | GHSA Importer | Affected by | VCID-7uaw-6w3w-aaar | https://github.com/advisories/GHSA-7w75-32cg-r6g2 | 34.0.0rc4 |
| 2024-04-23T17:39:18.558490+00:00 | GHSA Importer | Affected by | VCID-2c6h-srga-aaap | https://github.com/advisories/GHSA-hfrx-6qgj-fp6c | 34.0.0rc4 |