Search for packages
Package details: pkg:maven/org.apache.tomcat/tomcat-coyote@11.0.0
purl pkg:maven/org.apache.tomcat/tomcat-coyote@11.0.0
Next non-vulnerable version 11.0.6
Latest non-vulnerable version 11.0.6
Risk 10.0
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-ckkm-g4kc-tfbg
Aliases:
CVE-2025-31650
GHSA-3p2h-wqq4-wf4h
Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.
11.0.6
Affected by 0 other vulnerabilities.
VCID-e318-2aad-aaag
Aliases:
CVE-2023-41080
GHSA-q3mw-pvr8-9ggc
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application.
11.0.1
Affected by 1 other vulnerability.
VCID-pcvp-wv2z-aaas
Aliases:
CVE-2023-46589
GHSA-fccv-jmmp-qg76
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.
11.0.1
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-cvmu-3hdx-3kdn Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue. CVE-2024-52317
GHSA-qvf5-hvjx-wm27

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-20T17:20:50.131712+00:00 GitLab Importer Affected by VCID-ckkm-g4kc-tfbg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2025-31650.yml 36.1.3
2025-06-20T17:12:28.749358+00:00 GitLab Importer Fixing VCID-cvmu-3hdx-3kdn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2024-52317.yml 36.1.3
2025-06-20T16:48:39.878286+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-46589.yml 36.1.3
2025-06-20T16:40:56.810310+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-41080.yml 36.1.3
2025-06-20T16:40:53.032812+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag None 36.1.3
2025-06-03T23:55:44.204939+00:00 GitLab Importer Affected by VCID-ckkm-g4kc-tfbg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2025-31650.yml 36.1.0
2025-06-03T23:48:11.649491+00:00 GitLab Importer Fixing VCID-cvmu-3hdx-3kdn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2024-52317.yml 36.1.0
2025-06-03T23:26:15.273579+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-46589.yml 36.1.0
2025-06-03T23:19:34.158725+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-41080.yml 36.1.0
2025-06-03T23:19:30.811394+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag None 36.1.0
2025-06-02T23:54:38.830620+00:00 GitLab Importer Affected by VCID-ckkm-g4kc-tfbg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2025-31650.yml 36.1.2
2025-06-02T23:46:50.409357+00:00 GitLab Importer Fixing VCID-cvmu-3hdx-3kdn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2024-52317.yml 36.1.2
2025-06-02T23:23:50.093118+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-46589.yml 36.1.2
2025-06-02T23:16:39.079626+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-41080.yml 36.1.2
2025-06-02T23:16:35.276957+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag None 36.1.2
2025-05-29T23:36:39.814296+00:00 GitLab Importer Affected by VCID-ckkm-g4kc-tfbg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2025-31650.yml 36.0.0
2025-04-04T11:32:25.852424+00:00 GithubOSV Importer Fixing VCID-cvmu-3hdx-3kdn https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-qvf5-hvjx-wm27/GHSA-qvf5-hvjx-wm27.json 36.0.0
2025-04-03T21:46:40.651004+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-46589.yml 36.0.0
2025-04-03T21:31:14.320474+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-41080.yml 36.0.0
2025-04-03T21:31:06.114097+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag None 36.0.0
2025-03-28T20:12:44.603837+00:00 GHSA Importer Fixing VCID-cvmu-3hdx-3kdn https://github.com/advisories/GHSA-qvf5-hvjx-wm27 36.0.0
2025-03-28T16:49:28.907352+00:00 GitLab Importer Fixing VCID-cvmu-3hdx-3kdn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2024-52317.yml 36.0.0
2025-02-18T04:15:07.032417+00:00 GitLab Importer Fixing VCID-cvmu-3hdx-3kdn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2024-52317.yml 35.1.0
2025-02-18T01:05:27.008641+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-46589.yml 35.1.0
2025-02-18T01:04:31.343241+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag None 35.1.0
2025-02-18T01:04:27.839188+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-41080.yml 35.1.0
2024-12-19T19:16:00.105013+00:00 GitLab Importer Fixing VCID-cvmu-3hdx-3kdn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2024-52317.yml 35.0.0
2024-11-20T23:30:40.093094+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-46589.yml 35.0.0
2024-11-20T23:30:16.510085+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-41080.yml 35.0.0
2024-11-19T19:46:51.384863+00:00 GHSA Importer Fixing VCID-cvmu-3hdx-3kdn https://github.com/advisories/GHSA-qvf5-hvjx-wm27 34.3.2
2024-11-19T00:40:30.203687+00:00 GithubOSV Importer Fixing VCID-cvmu-3hdx-3kdn https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-qvf5-hvjx-wm27/GHSA-qvf5-hvjx-wm27.json 34.3.2
2024-11-18T23:19:32.377699+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-46589.yml 34.3.2
2024-11-18T23:19:02.605536+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-41080.yml 34.3.2
2024-10-17T03:54:50.113206+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-46589.yml 34.0.2
2024-10-17T03:54:30.235280+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-41080.yml 34.0.2
2024-09-17T22:36:26.724534+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-46589.yml 34.0.1
2024-09-17T22:36:24.734130+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-41080.yml 34.0.1
2024-01-03T17:59:32.254552+00:00 GitLab Importer Affected by VCID-pcvp-wv2z-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-46589.yml 34.0.0rc1
2024-01-03T17:59:30.552759+00:00 GitLab Importer Affected by VCID-e318-2aad-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-41080.yml 34.0.0rc1