VulnerableCode Package Details - pkg:maven/org.apache.tomcat/tomcat-coyote@10.1.0-M2

Search for packages

Package details: pkg:maven/org.apache.tomcat/tomcat-coyote@10.1.0-M2

Essentials
History (13)

purl	pkg:maven/org.apache.tomcat/tomcat-coyote@10.1.0-M2

Next non-vulnerable version	10.1.40
Latest non-vulnerable version	11.0.6
Risk	10.0

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-2c6h-srga-aaap Aliases: CVE-2023-24998 GHSA-hfrx-6qgj-fp6c	Apache Commons FileUpload denial of service vulnerability	10.1.5 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 11.0.0-M5 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-6y3x-kyj7-aaaf Aliases: CVE-2023-44487 GHSA-qppj-fm5r-hxr3 VSV00013	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.	10.1.14 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 11.0.0-M12 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-7tp8-ektn-aaan Aliases: CVE-2022-42252 GHSA-p22x-g9px-3945	Apache Tomcat may reject request containing invalid Content-Length header	10.1.1 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-7uaw-6w3w-aaar Aliases: CVE-2024-24549 GHSA-7w75-32cg-r6g2	Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.	10.1.19 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 11.0.0-M17 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-yktk-48uz-aaac Aliases: CVE-2024-34750 GHSA-wm9w-rjj3-j356	Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.	10.1.25 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 11.0.0-M21 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2024-10-07T22:14:45.380150+00:00	GHSA Importer	Affected by	VCID-yktk-48uz-aaac	https://github.com/advisories/GHSA-wm9w-rjj3-j356	34.0.2
2024-10-07T22:05:12.279765+00:00	GHSA Importer	Affected by	VCID-7uaw-6w3w-aaar	https://github.com/advisories/GHSA-7w75-32cg-r6g2	34.0.2
2024-10-07T21:44:32.111186+00:00	GHSA Importer	Affected by	VCID-6y3x-kyj7-aaaf	https://github.com/advisories/GHSA-qppj-fm5r-hxr3	34.0.2
2024-10-07T21:09:54.442908+00:00	GHSA Importer	Affected by	VCID-2c6h-srga-aaap	https://github.com/advisories/GHSA-hfrx-6qgj-fp6c	34.0.2
2024-10-07T20:56:01.858473+00:00	GHSA Importer	Affected by	VCID-7tp8-ektn-aaan	https://github.com/advisories/GHSA-p22x-g9px-3945	34.0.2
2024-09-22T22:41:27.662852+00:00	GHSA Importer	Affected by	VCID-yktk-48uz-aaac	https://github.com/advisories/GHSA-wm9w-rjj3-j356	34.0.1
2024-09-22T22:27:08.274784+00:00	GHSA Importer	Affected by	VCID-7uaw-6w3w-aaar	https://github.com/advisories/GHSA-7w75-32cg-r6g2	34.0.1
2024-09-22T22:14:02.804971+00:00	GHSA Importer	Affected by	VCID-6y3x-kyj7-aaaf	https://github.com/advisories/GHSA-qppj-fm5r-hxr3	34.0.1
2024-09-22T21:45:14.408131+00:00	GHSA Importer	Affected by	VCID-2c6h-srga-aaap	https://github.com/advisories/GHSA-hfrx-6qgj-fp6c	34.0.1
2024-09-22T21:33:11.627119+00:00	GHSA Importer	Affected by	VCID-7tp8-ektn-aaan	https://github.com/advisories/GHSA-p22x-g9px-3945	34.0.1
2024-05-17T21:14:37.694598+00:00	GHSA Importer	Affected by	VCID-7uaw-6w3w-aaar	https://github.com/advisories/GHSA-7w75-32cg-r6g2	34.0.0rc4
2024-05-17T19:42:14.356640+00:00	GHSA Importer	Affected by	VCID-7tp8-ektn-aaan	https://github.com/advisories/GHSA-p22x-g9px-3945	34.0.0rc4
2024-04-24T00:04:16.745272+00:00	GHSA Importer	Affected by	VCID-2c6h-srga-aaap	https://github.com/advisories/GHSA-hfrx-6qgj-fp6c	34.0.0rc4