Search for packages
| purl | pkg:maven/org.apache.tomcat/tomcat-coyote@8.5.6 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-259r-tjud-aaad
Aliases: CVE-2020-1935 GHSA-qxf4-chvg-4r8r |
Potential HTTP request smuggling in Apache Tomcat |
Affected by 13 other vulnerabilities. Affected by 16 other vulnerabilities. |
|
VCID-2xpy-bz6f-aaak
Aliases: CVE-2020-1938 GHSA-c9hw-wf7x-jp9j |
Improper Privilege Management in Tomcat |
Affected by 13 other vulnerabilities. Affected by 16 other vulnerabilities. |
|
VCID-3pmw-yhnf-aaaj
Aliases: CVE-2017-5651 GHSA-9hg2-395j-83rm |
Information Exposure The refactoring of the HTTP connectors introduced a regression in the send file processing. If the file processing completed quickly, it is possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up. |
Affected by 15 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-6y3x-kyj7-aaaf
Aliases: CVE-2023-44487 GHSA-qppj-fm5r-hxr3 VSV00013 |
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
Affected by 2 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-7nyx-ctuq-aaar
Aliases: CVE-2020-17527 GHSA-vvw4-rfwf-p6hx |
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat |
Affected by 7 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 1 other vulnerability. Affected by 4 other vulnerabilities. |
|
VCID-7tp8-ektn-aaan
Aliases: CVE-2022-42252 GHSA-p22x-g9px-3945 |
Apache Tomcat may reject request containing invalid Content-Length header |
Affected by 13 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 6 other vulnerabilities. Affected by 1 other vulnerability. Affected by 6 other vulnerabilities. |
|
VCID-7uaw-6w3w-aaar
Aliases: CVE-2024-24549 GHSA-7w75-32cg-r6g2 |
Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue. |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-a1en-zn2z-aaab
Aliases: CVE-2021-43980 GHSA-jx7c-7mj5-9438 |
Apache Tomcat Race Condition vulnerability |
Affected by 5 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-b48f-8g9g-aaah
Aliases: CVE-2020-13934 GHSA-vf77-8h7g-gghp |
Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat |
Affected by 10 other vulnerabilities. Affected by 13 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-e318-2aad-aaag
Aliases: CVE-2023-41080 GHSA-q3mw-pvr8-9ggc |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application. |
Affected by 3 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-garj-878k-aaab
Aliases: CVE-2020-11996 GHSA-53hp-jpwq-2jgq |
Uncontrolled Resource Consumption in Apache Tomcat |
Affected by 12 other vulnerabilities. Affected by 15 other vulnerabilities. |
|
VCID-nj2d-yt1t-aaaj
Aliases: CVE-2020-13935 GHSA-m7jv-hq7h-mq7c |
Infinite Loop in Apache Tomcat |
Affected by 10 other vulnerabilities. Affected by 13 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-pcvp-wv2z-aaas
Aliases: CVE-2023-46589 GHSA-fccv-jmmp-qg76 |
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11Â onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue. |
Affected by 1 other vulnerability. Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-q1t4-rzf5-aaac
Aliases: CVE-2016-6816 GHSA-jc7p-5r39-9477 |
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own. |
Affected by 16 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-qg8v-amgp-aaad
Aliases: CVE-2020-13943 GHSA-f268-65qc-98vg |
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat |
Affected by 9 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-w4d3-t13k-aaab
Aliases: CVE-2021-24122 GHSA-2rvv-w9r2-rg7m |
Information Disclosure in Apache Tomcat |
Affected by 7 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-wqse-hqa4-aaap
Aliases: CVE-2021-33037 GHSA-4vww-mc66-62m6 |
HTTP Request Smuggling in Apache Tomcat |
Affected by 6 other vulnerabilities. Affected by 8 other vulnerabilities. Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||