tomcat:tomcat-coyote@3.3.2 vulnerabilities

latest version

5.5.23

first published

19 years ago

latest version published

17 years ago

licenses detected

Apache-2.0
[0,)

package manager

View on Maven Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the tomcat:tomcat-coyote package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Information Exposure tomcat:tomcat-coyote is a discontinued coyote plugin for Tomcat. Affected versions of this package are vulnerable to Information Exposure. Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090. How to fix Information Exposure? There is no fixed version for `tomcat:tomcat-coyote`.	[0,)
M Denial of Service (DoS) tomcat:tomcat-coyote is a discontinued coyote plugin for Tomcat. Affected versions of this package are vulnerable to Denial of Service (DoS). Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544. How to fix Denial of Service (DoS)? Upgrade `tomcat:tomcat-coyote` to version 5.5.24 or higher.	[3.3.2,5.5.24)

Information Exposure

tomcat:tomcat-coyote is a discontinued coyote plugin for Tomcat.

Affected versions of this package are vulnerable to Information Exposure. Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header.

NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.

How to fix Information Exposure?

There is no fixed version for tomcat:tomcat-coyote.

[0,)

Denial of Service (DoS)

tomcat:tomcat-coyote is a discontinued coyote plugin for Tomcat.

Affected versions of this package are vulnerable to Denial of Service (DoS). Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.

How to fix Denial of Service (DoS)?

Upgrade tomcat:tomcat-coyote to version 5.5.24 or higher.

[3.3.2,5.5.24)

Go back to all versions of this package