Maven package
org.apache.tomcat/tomcat-coyote
pkg:maven/org.apache.tomcat/tomcat-coyote
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-5651 | Cri | 9.8 | >= 9.0.0.M1, < 9.0.0.M19 | 9.0.0.M19 | Apr 17, 2017 | In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This | |
| CVE-2016-6816 | Hig | 7.1 | >= 9.0.0.M1, < 9.0.0.M12 | 9.0.0.M12 | Mar 20, 2017 | The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characte | |
| CVE-2014-0095 | — | >= 8.0.0-RC1, < 8.0.4 | 8.0.4 | May 31, 2014 | java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing. | ||
| CVE-2014-0075 | — | < 6.0.40 | 6.0.40 | May 31, 2014 | Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed c |
- affected >= 9.0.0.M1, < 9.0.0.M19fixed 9.0.0.M19
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This
- affected >= 9.0.0.M1, < 9.0.0.M12fixed 9.0.0.M12
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characte
- CVE-2014-0095May 31, 2014affected >= 8.0.0-RC1, < 8.0.4fixed 8.0.4
java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing.
- CVE-2014-0075May 31, 2014affected < 6.0.40fixed 6.0.40
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed c
Page 2 of 2