tomcat:tomcat-coyote@4.1.34 vulnerabilities

  • latest version

    5.5.23

  • first published

    19 years ago

  • latest version published

    17 years ago

  • Direct Vulnerabilities

    Known vulnerabilities in the tomcat:tomcat-coyote package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability    Vulnerable Version
    • M
    Information Exposure

    tomcat:tomcat-coyote is a discontinued coyote plugin for Tomcat.

    Affected versions of this package are vulnerable to Information Exposure. The previous fix for CVE-2007-3385 was incomplete: it did not consider the use of quotes or %5C within a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

    How to fix Information Exposure?

    There is no fixed version for tomcat:tomcat-coyote.

    Vulnerable versions: [4.1.0,)
    • M
    Information Exposure

    Affected versions of this package are vulnerable to Information Exposure. Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header.

    NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.

    How to fix Information Exposure?

    There is no fixed version for tomcat:tomcat-coyote.

    Vulnerable versions: [0,)
    • M
    Denial of Service (DoS)

    Affected versions of this package are vulnerable to Denial of Service (DoS). Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.

    How to fix Denial of Service (DoS)?

    Upgrade tomcat:tomcat-coyote to version 5.5.24 or higher.

    Vulnerable versions: [3.3.2,5.5.24)