org.apache.tomcat:tomcat-coyote vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.tomcat:tomcat-coyote package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Improper Resource Shutdown or Release	[9.0.0.M1,9.0.108)[10.1.0-M1,10.1.44)[11.0.0-M1,11.0.10)
H Allocation of Resources Without Limits or Throttling	[9.0.0.M1,9.0.107)[10.1.0-M1,10.1.43)[11.0.0-M1,11.0.9)
H Improper Cleanup on Thrown Exception	[9.0.76,9.0.104)[10.1.10,10.1.40)[11.0.0-M2,11.0.6)
M Inadequate Encryption Strength	[9.0.93,9.0.96)[10.1.28,10.1.31)[11.0.0-M24,11.0.0)
H Allocation of Resources Without Limits or Throttling	[9.0.13,9.0.90)[10.1.0-M1,10.1.25)[11.0.0-M1,11.0.0-M21)
H Insufficient Session Expiration	[,9.0.90)[10.1.0-M1,10.1.25)[11.0.0-M1,11.0.0-M21)
H Denial of Service (DoS)	[8.5.0,8.5.99)[9.0.0-M1,9.0.86)[10.1.0-M1,10.1.19)[11.0.0-M1,1.0.0-M17)
M Information Exposure	[8.5.7,8.5.64)[9.0.0-M11,9.0.44)[10.0.0-M1,10.0.4)
M Improper Input Validation	[8.5.0,8.5.94)[9.0.0-M1,9.0.81)[10.1.0-M1,10.1.14)[11.0.0-M1,11.0.0-M12)
H Denial of Service (DoS)	[,8.5.94)[9.0.0,9.0.81)[10.0.0,10.1.14)[11.0.0-M3,11.0.0-M12)
H Information Exposure	[8.5.88,8.5.89)[9.0.74,9.0.75)[10.1.8,10.1.9)[11.0.0-M5,11.0.0-M6)
L HTTP Request Smuggling	[8.5.0,8.5.53)[9.0.0-M1,9.0.68)[10.0.0-M1,10.0.27)[10.1.0-M1,10.1.1)
H Improper Resource Shutdown or Release	[8.5.0,8.5.76)[9.0.0.M1,9.0.21)
H Denial of Service (DoS)	[10.0.0,10.0.4)[8.0.0,8.5.64)[9.0.0,9.0.44)
M HTTP Request Smuggling	[10.0.0-M1,10.0.7)[9.0.0.M1,9.0.48)[8.5.0,8.5.68)
H Denial of Service (DoS)	[10.0.3,10.0.5)[9.0.44,9.0.45)[8.5.64,8.5.65)
M HTTP Request Smuggling	[10.0.0-M1,10.0.2)[9.0.0.M1,9.0.43)[8.5.0,8.5.63)
M HTTP Request Smuggling	[10.0.0-M1,10.0.0-M8)[9.0.0.M5,9.0.38)[8.5.1,8.5.58)
M Denial of Service (DoS)	[10.0.0-M1,10.0.0-M7)[9.0.0.M5,9.0.37)[8.5.1,8.5.57)
H Denial of Service (DoS)	[8.5.0,8.5.56)[9.0.0.M1,9.0.36)[10.0.0-M1,10.0.0-M6)
L HTTP Request Smuggling	[7.0.98,7.0.100)[8.5.48,8.5.51)[9.0.28,9.0.31)
H Arbitrary File Upload	[9.0.0,9.0.31)[8.0.0,8.5.51)[,7.0.100)
H Denial of Service (DoS)	[8.5.0,8.5.40)[9.0.0.M1,9.0.20)
H Denial of Service (DoS)	[8.5.0,8.5.38)[9.0.0.M1,9.0.16)
H Information Exposure	[8.5.7,8.5.10)[9.0.0.M11,9.0.0.M16)
H Denial of Service (DoS)	[7.0.0,7.0.59]
H Denial of Service (DoS)	[8.5.0,8.5.13)[9-alpha,9.0.0.M19)
H Information Exposure	[7.0.0,7.0.77)[8,8.0.43)[8.5.0,8.5.13)[9-alpha,9.0.0.M19)
C Information Exposure	[8.5.0,8.5.13)[9-alpha,9.0.0.M19)
H Denial of Service (DoS)	[7,7.0.51)[8,8.0.2)
H Denial of Service (DoS)	[8.5.0,8.5.8)[9.0.0M1,9.0.0M13)
H Information Exposure	[7.0.0,7.0.73)[8,8.0.39)[8.5.0,8.5.8)[9-alpha,9.0.0.M13)
M Denial of Service (DoS)	[7.0.0,7.0.6]
H Access Restriction Bypass	[7.0.0,7.0.20]
M Information Exposure	[7.0.0,7.0.22)
M Improper Input Validation	[7.0.0,7.0.19)
M Information Exposure	[7.0.0,7.0.47)[8.0.0-RC1,8.0.0-RC3)
M HTTP Request Smuggling	[7.0.0,7.0.53)[8,8.0.4)
M HTTP Request Smuggling	[7.0.0,7.0.55)[8,8.0.9)
M Improper Input Validation	[7.0.0,7.0.12)
M Denial of Service (DoS)	[7.0.0,7.0.53)[8,8.0.4)
M Improper Input Validation	[8.0,8.0.4)
M Improper Input Validation	[7.0.0,7.0.28)
M Improper Input Validation	[7.0.0,7.0.30)
L Denial of Service (DoS)	[7.0.0,7.0.28)
M Denial of Service (DoS)	[7.0.0,7.0.50)[8.0.0-RC1,8.0.0-RC10)
M Information Exposure	[5.5.0,5.5.30)[6.0.0,6.0.28)[7.0.0,7.0.2)

Vulnerability

Vulnerable Version

Improper Resource Shutdown or Release

[9.0.0.M1,9.0.108)[10.1.0-M1,10.1.44)[11.0.0-M1,11.0.10)

Allocation of Resources Without Limits or Throttling

[9.0.0.M1,9.0.107)[10.1.0-M1,10.1.43)[11.0.0-M1,11.0.9)

Improper Cleanup on Thrown Exception

[9.0.76,9.0.104)[10.1.10,10.1.40)[11.0.0-M2,11.0.6)

Inadequate Encryption Strength

[9.0.93,9.0.96)[10.1.28,10.1.31)[11.0.0-M24,11.0.0)

Allocation of Resources Without Limits or Throttling

[9.0.13,9.0.90)[10.1.0-M1,10.1.25)[11.0.0-M1,11.0.0-M21)

Insufficient Session Expiration

[,9.0.90)[10.1.0-M1,10.1.25)[11.0.0-M1,11.0.0-M21)

Denial of Service (DoS)

[8.5.0,8.5.99)[9.0.0-M1,9.0.86)[10.1.0-M1,10.1.19)[11.0.0-M1,1.0.0-M17)

Information Exposure

[8.5.7,8.5.64)[9.0.0-M11,9.0.44)[10.0.0-M1,10.0.4)

Improper Input Validation

[8.5.0,8.5.94)[9.0.0-M1,9.0.81)[10.1.0-M1,10.1.14)[11.0.0-M1,11.0.0-M12)

Denial of Service (DoS)

[,8.5.94)[9.0.0,9.0.81)[10.0.0,10.1.14)[11.0.0-M3,11.0.0-M12)

Information Exposure

[8.5.88,8.5.89)[9.0.74,9.0.75)[10.1.8,10.1.9)[11.0.0-M5,11.0.0-M6)

HTTP Request Smuggling

[8.5.0,8.5.53)[9.0.0-M1,9.0.68)[10.0.0-M1,10.0.27)[10.1.0-M1,10.1.1)

Improper Resource Shutdown or Release

[8.5.0,8.5.76)[9.0.0.M1,9.0.21)

Denial of Service (DoS)

[10.0.0,10.0.4)[8.0.0,8.5.64)[9.0.0,9.0.44)

HTTP Request Smuggling

[10.0.0-M1,10.0.7)[9.0.0.M1,9.0.48)[8.5.0,8.5.68)

Denial of Service (DoS)

[10.0.3,10.0.5)[9.0.44,9.0.45)[8.5.64,8.5.65)

HTTP Request Smuggling

[10.0.0-M1,10.0.2)[9.0.0.M1,9.0.43)[8.5.0,8.5.63)

HTTP Request Smuggling

[10.0.0-M1,10.0.0-M8)[9.0.0.M5,9.0.38)[8.5.1,8.5.58)

Denial of Service (DoS)

[10.0.0-M1,10.0.0-M7)[9.0.0.M5,9.0.37)[8.5.1,8.5.57)

Denial of Service (DoS)

[8.5.0,8.5.56)[9.0.0.M1,9.0.36)[10.0.0-M1,10.0.0-M6)

HTTP Request Smuggling

[7.0.98,7.0.100)[8.5.48,8.5.51)[9.0.28,9.0.31)

Arbitrary File Upload

[9.0.0,9.0.31)[8.0.0,8.5.51)[,7.0.100)

Denial of Service (DoS)

[8.5.0,8.5.40)[9.0.0.M1,9.0.20)

Denial of Service (DoS)

[8.5.0,8.5.38)[9.0.0.M1,9.0.16)

Information Exposure

[8.5.7,8.5.10)[9.0.0.M11,9.0.0.M16)

Denial of Service (DoS)

[7.0.0,7.0.59]

Denial of Service (DoS)

[8.5.0,8.5.13)[9-alpha,9.0.0.M19)

Information Exposure

[7.0.0,7.0.77)[8,8.0.43)[8.5.0,8.5.13)[9-alpha,9.0.0.M19)

Information Exposure

[8.5.0,8.5.13)[9-alpha,9.0.0.M19)

Denial of Service (DoS)

[7,7.0.51)[8,8.0.2)

Denial of Service (DoS)

[8.5.0,8.5.8)[9.0.0M1,9.0.0M13)

Information Exposure

[7.0.0,7.0.73)[8,8.0.39)[8.5.0,8.5.8)[9-alpha,9.0.0.M13)

Denial of Service (DoS)

[7.0.0,7.0.6]

Access Restriction Bypass

[7.0.0,7.0.20]

Information Exposure

[7.0.0,7.0.22)

Improper Input Validation

[7.0.0,7.0.19)

Information Exposure

[7.0.0,7.0.47)[8.0.0-RC1,8.0.0-RC3)

HTTP Request Smuggling

[7.0.0,7.0.53)[8,8.0.4)

HTTP Request Smuggling

[7.0.0,7.0.55)[8,8.0.9)

Improper Input Validation

[7.0.0,7.0.12)

Denial of Service (DoS)

[7.0.0,7.0.53)[8,8.0.4)

Improper Input Validation

[8.0,8.0.4)

Improper Input Validation

[7.0.0,7.0.28)

Improper Input Validation

[7.0.0,7.0.30)

Denial of Service (DoS)

[7.0.0,7.0.28)

Denial of Service (DoS)

[7.0.0,7.0.50)[8.0.0-RC1,8.0.0-RC10)

Information Exposure

[5.5.0,5.5.30)[6.0.0,6.0.28)[7.0.0,7.0.2)

Package versions

443 VERSIONS IN TOTAL See all versions

version	published	direct vulnerabilities
11.0.14	5 Nov, 2025	0 C 0 H 0 M 0 L
11.0.13	10 Oct, 2025	0 C 0 H 0 M 0 L
11.0.12	1 Oct, 2025	0 C 0 H 0 M 0 L
11.0.11	1 Sep, 2025	0 C 0 H 0 M 0 L
11.0.10	31 Jul, 2025	0 C 0 H 0 M 0 L
11.0.9	1 Jul, 2025	0 C 1 H 0 M 0 L
11.0.8	5 Jun, 2025	0 C 2 H 0 M 0 L
11.0.7	7 May, 2025	0 C 2 H 0 M 0 L
11.0.6	1 Apr, 2025	0 C 2 H 0 M 0 L
11.0.5	28 Feb, 2025	0 C 3 H 0 M 0 L