org.apache.tomcat:tomcat-coyote@9.0.29 vulnerabilities
-
latest version
10.1.20
-
latest non vulnerable version
-
first published
14 years ago
-
latest version published
a month ago
-
licenses detected
- [0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.apache.tomcat:tomcat-coyote package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Denial of Service (DoS) when processing a crafted HTTP/2 request. If the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed. How to fix Denial of Service (DoS)? Upgrade |
[8.5.0,8.5.99)
[9.0.0-M1,9.0.86)
[10.1.0-M1,10.1.19)
[11.0.0-M1,1.0.0-M17)
|
org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Information Exposure through an incomplete POST request, which triggers an error response that could contain data from a previous request from another user. How to fix Information Exposure? Upgrade |
[8.5.7,8.5.64)
[9.0.0-M11,9.0.44)
[10.0.0-M1,10.0.4)
|
org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Improper Input Validation due to the improper handling of How to fix Improper Input Validation? Upgrade |
[8.5.0,8.5.94)
[9.0.0-M1,9.0.81)
[10.1.0-M1,10.1.14)
[11.0.0-M1,11.0.0-M12)
|
org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation. How to fix Denial of Service (DoS)? Upgrade |
[,8.5.94)
[9.0.0,9.0.81)
[10.0.0,10.1.14)
[11.0.0-M3,11.0.0-M12)
|
org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to HTTP Request Smuggling when improper requests containing an invalid Note: Exploiting this vulnerability is also possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header. How to fix HTTP Request Smuggling? Upgrade |
[8.5.0,8.5.53)
[9.0.0-M1,9.0.68)
[10.0.0-M1,10.0.27)
[10.1.0-M1,10.1.1)
|
org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Denial of Service (DoS). When Tomcat is configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially-crafted packet could be used to trigger an infinite loop resulting in a denial of service. How to fix Denial of Service (DoS)? Upgrade |
[10.0.0,10.0.4)
[8.0.0,8.5.64)
[9.0.0,9.0.44)
|
org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to HTTP Request Smuggling. Tomcat does not correctly parse the HTTP transfer-encoding request header in some circumstances, leading to the possibility of request smuggling when used with a reverse proxy. Specifically, Tomcat incorrectly ignores the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; it honours the identify encoding; and it does not ensure that, if present, the chunked encoding was the final encoding. How to fix HTTP Request Smuggling? Upgrade |
[10.0.0-M1,10.0.7)
[9.0.0.M1,9.0.48)
[8.5.0,8.5.68)
|
org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to HTTP Request Smuggling. When responding to new h2c connection requests, Apache Tomcat could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request. How to fix HTTP Request Smuggling? Upgrade |
[10.0.0-M1,10.0.2)
[9.0.0.M1,9.0.43)
[8.5.0,8.5.63)
|
org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to HTTP Request Smuggling. If an HTTP/2 client connecting to Apache Tomcat exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources. How to fix HTTP Request Smuggling? Upgrade |
[10.0.0-M1,10.0.0-M8)
[9.0.0.M5,9.0.38)
[8.5.1,8.5.58)
|
org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Denial of Service (DoS). An How to fix Denial of Service (DoS)? Upgrade |
[10.0.0-M1,10.0.0-M7)
[9.0.0.M5,9.0.37)
[8.5.1,8.5.57)
|
org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Denial of Service (DoS). A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive. How to fix Denial of Service (DoS)? Upgrade |
[8.5.0,8.5.56)
[9.0.0.M1,9.0.36)
[10.0.0-M1,10.0.0-M6)
|
org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to HTTP Request Smuggling. Invalid How to fix HTTP Request Smuggling? Upgrade |
[7.0.98,7.0.100)
[8.5.48,8.5.51)
[9.0.28,9.0.31)
|
org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Arbitrary File Upload. This is enabled by default with a default configuration port of How to fix Arbitrary File Upload? Upgrade |
[9.0.0,9.0.31)
[8.0.0,8.5.51)
[,7.0.100)
|