org.apache.tomcat:tomcat-coyote@10.1.0-M14 vulnerabilities
-
latest version
11.0.0
-
latest non vulnerable version
-
first published
14 years ago
-
latest version published
a month ago
-
licenses detected
- [0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.apache.tomcat:tomcat-coyote package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the How to fix Allocation of Resources Without Limits or Throttling? Upgrade |
[9.0.13,9.0.90)
[10.1.0-M1,10.1.25)
[11.0.0-M1,11.0.0-M21)
|
org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Insufficient Session Expiration due to an infinite timeout being assigned to an open connection improperly, in How to fix Insufficient Session Expiration? Upgrade |
[,9.0.90)
[10.1.0-M1,10.1.25)
[11.0.0-M1,11.0.0-M21)
|
org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Denial of Service (DoS) when processing a crafted HTTP/2 request. If the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed. How to fix Denial of Service (DoS)? Upgrade |
[8.5.0,8.5.99)
[9.0.0-M1,9.0.86)
[10.1.0-M1,10.1.19)
[11.0.0-M1,1.0.0-M17)
|
org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Improper Input Validation due to the improper handling of How to fix Improper Input Validation? Upgrade |
[8.5.0,8.5.94)
[9.0.0-M1,9.0.81)
[10.1.0-M1,10.1.14)
[11.0.0-M1,11.0.0-M12)
|
org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation. How to fix Denial of Service (DoS)? Upgrade |
[,8.5.94)
[9.0.0,9.0.81)
[10.0.0,10.1.14)
[11.0.0-M3,11.0.0-M12)
|
org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to HTTP Request Smuggling when improper requests containing an invalid Note: Exploiting this vulnerability is also possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header. How to fix HTTP Request Smuggling? Upgrade |
[8.5.0,8.5.53)
[9.0.0-M1,9.0.68)
[10.0.0-M1,10.0.27)
[10.1.0-M1,10.1.1)
|