Search for packages
| purl | pkg:maven/org.apache.tomcat/tomcat-coyote@8.5.82 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2n65-91en-cqa8
Aliases: CVE-2023-46589 GHSA-fccv-jmmp-qg76 |
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue. |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-7nj6-9exh-5qgr
Aliases: CVE-2022-42252 GHSA-p22x-g9px-3945 |
If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header. |
Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 1 other vulnerability. Affected by 3 other vulnerabilities. |
|
VCID-r5jp-6b4w-rffw
Aliases: CVE-2023-41080 GHSA-q3mw-pvr8-9ggc |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application. |
Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-w5uu-nj7c-wka6
Aliases: CVE-2023-44487 GHSA-qppj-fm5r-hxr3 VSV00013 |
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-08-01T11:26:46.394339+00:00 | GitLab Importer | Affected by | VCID-2n65-91en-cqa8 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-46589.yml | 37.0.0 |
| 2025-08-01T11:18:28.774762+00:00 | GitLab Importer | Affected by | VCID-r5jp-6b4w-rffw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2023-41080.yml | 37.0.0 |
| 2025-08-01T10:52:45.816271+00:00 | GitLab Importer | Affected by | VCID-7nj6-9exh-5qgr | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat-coyote/CVE-2022-42252.yml | 37.0.0 |
| 2025-08-01T09:31:01.300366+00:00 | GHSA Importer | Affected by | VCID-w5uu-nj7c-wka6 | https://github.com/advisories/GHSA-qppj-fm5r-hxr3 | 37.0.0 |