pkg:Maven/org.apache.tomcat:tomcat-coyote

26 total CVEsCRITICAL1HIGH16MEDIUM7

✅ Check your installed version

All known vulnerabilities

  • MEDIUM5.3CVE-2023-44487⚠ KEVnghttp2 - security update
    >= 11.0.0-M1, < 11.0.0-M12
  • CRITICAL9.8CVE-2017-5651Expected Behavior Violation in Apache Tomcat
    >= 9.0.0.M1, < 9.0.0.M19
  • HIGH7.5CVE-2026-24880Apache Tomcat has an HTTP Request/Response Smuggling vulnerability
    >= 7.0.0, < 9.0.116
  • HIGH7.5CVE-2026-29129Apache Tomcat: Configured cipher preference order not preserved
    >= 9.0.114, < 9.0.116
  • HIGH7.5CVE-2026-24734Apache Tomcat Native, Apache Tomcat: OCSP revocation bypass
    >= 11.0.0-M1, < 11.0.18
  • HIGH7.5CVE-2025-48989Apache Tomcat Improper Resource Shutdown or Release vulnerability
    >= 11.0.0-M1, < 11.0.10
  • HIGH7.5CVE-2025-53506Apache Tomcat: DoS via excessive h2 streams at connection start
    >= 11.0.0-M1, < 11.0.9
  • HIGH7.5CVE-2025-31650Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame
    >= 9.0.76, < 9.0.104
  • HIGH7.5CVE-2024-34750Apache Tomcat: HTTP/2 excess header handling DoS
    >= 11.0.0-M1, < 11.0.0-M21
  • HIGH7.5CVE-2024-24549Apache Tomcat: HTTP/2 header handling DoS
    >= 11.0.0-M1, < 11.0.0-M17
  • HIGH7.5CVE-2023-28709Apache Tomcat: Fix for CVE-2023-24998 is incomplete
    >= 8.5.85, < 8.5.88
  • HIGH7.5CVE-2023-34981Apache Tomcat: AJP response header mix-up
    >= 8.5.88, < 8.5.89
  • HIGH7.5CVE-2023-24998tomcat9 - security update
    >= 10.1.0-M1, < 10.1.5
  • HIGH7.5CVE-2022-42252Apache Tomcat request smuggling via malformed content-length
    >= 9.0.0-M1, < 9.0.68
  • HIGH7.5CVE-2020-17527Apache Tomcat: Request header mix-up between HTTP/2 streams
    >= 10.0.0-M1, < 10.0.0-M10
  • HIGH7.5CVE-2020-13934Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat
    >= 10.0.0-M1, < 10.0.0-M6
  • HIGH7.5CVE-2019-0199Apache Tomcat Denial of Service vulnerability
    >= 9.0.0, < 9.0.16
  • HIGH7.1CVE-2016-6816tomcat7 - security update
    >= 9.0.0.M1, < 9.0.0.M12
  • MEDIUM6.5CVE-2024-52317Apache Tomcat: Request/response mix-up with HTTP/2
    >= 9.0.92, < 9.0.96
  • MEDIUM5.9CVE-2023-42794Apache Tomcat: FileUpload: DoS due to accumulation of temporary files on Windows
    >= 9.0.70, < 9.0.81
  • MEDIUM5.3CVE-2026-32990Apache Tomcat has an Improper Input Validation vulnerability
    >= 9.0.113, < 9.0.116
  • MEDIUM5.3CVE-2024-21733Apache Tomcat: Leaking of unrelated request bodies in default error page
    >= 9.0.0-M11, < 9.0.44
  • MEDIUM5.3CVE-2023-42795Apache Tomcat: Failure during request clean-up leads to sensitive data leaking to subsequent requests
    >= 11.0.0-M1, < 11.0.0-M12
  • MEDIUM4.3CVE-2020-13943tomcat9 - security update
    >= 10.0.0-M1, < 10.0.0-M8
  • CVE-2014-0095Denial of service in Apache Tomcat
    >= 8.0.0-RC1, < 8.0.4
  • CVE-2014-0075Integer Overflow or Wraparound in Apache Tomcat
    from 0, < 6.0.40