
45 matches found

OSV
added yesterday | 1 view

ROOT-APP-MAVEN-CVE-2025-48989 CVE-2025-48989 in io.root.org.apache.tomcat:tomcat-coyote - Patched by Root

Root has patched CVE-2025-48989 in the io.root.org.apache.tomcat:tomcat-coyote package for Root:Maven. Multiple fixed versions available...

CVSS 7.5 | AI score 6.9 | EPSS 0.01022
Exploits: 0
vulnersOsv
added 2026/05/12 5:22 p.m. | 4 views

geronimo:geronimo-tomcat (>=1.0 <=1.1.1), geronimo:geronimo-tomcat-builder (>=1.0 <=1.1.1) +17 more potentially affected by CVE-2026-41293 via tomcat:tomcat-coyote (>=5.5.15 <=5.5.9)

tomcat:tomcat-coyote MAVEN version =5.5.15, =1.0, =1.0, =1.1.1 - geronimo:tomcat =1.0 - org.apache.geronimo.assemblies:geronimo-tomcat-minimal =1.2-beta - org.apache.geronimo.configs:ca-helper-tomcat =1.2-beta - org.apache.geronimo.configs:dojo-tomcat =1.2-beta -...

CVSS 9.8 | AI score 5.8 | EPSS 0.00253
Exploits: 0
Snyk
added 2026/05/12 5:22 p.m. | 3 views

Improper Validation of Syntactic Correctness of Input

Overview tomcat:tomcat-coyote is a discontinued coyote plugin for Tomcat. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the processing of HTTP/2 request headers. An attacker can cause unexpected behavior or potentially compromise the...

CVSS 9.8 | AI score 5.8 | EPSS 0.00253
Exploits: 0 | References: 2
Snyk
added 2026/05/12 5:22 p.m. | 5 views

Improper Validation of Syntactic Correctness of Input

Overview org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the processing of HTTP/2 request headers. An attacker can cause unexpected behavior or potentially compromi...

CVSS 9.8 | AI score 5.8 | EPSS 0.00253
Exploits: 0 | References: 2
vulnersOsv
added 2026/05/12 5:22 p.m. | 3 views

br.com.arsmachina:tapestry-url-rewriter (>=1.0.1 <=2.0.0), com.butor:butor-mule (>=1.0.3 <=1.0.18) +167 more potentially affected by CVE-2026-41293 via org.apache.tomcat:coyote (>=6.0.13 <=6.0.53)

org.apache.tomcat:coyote MAVEN version =6.0.13, =1.0.1, =1.0.3, =1.5, =1.8.2, =1.40, =1.40, =1.40, =2.3.0, =2.3.0, =1.0.b1, =20250815, =20260429 and more Source cves: CVE-2026-41293 Source advisory: SNYK:JAVA-ORGAPACHETOMCAT-16691219...

CVSS 9.8 | AI score 5.8 | EPSS 0.00253
Exploits: 0
Snyk
added 2026/05/12 5:22 p.m. | 4 views

Timing Attack

Overview org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Timing Attack via AJP secret comparison. An attacker can perform a timing side-channel attack to determine whether a guessed secret is correct by sending many...

CVSS 6.3 | AI score 5.8 | EPSS 0.001
Exploits: 0 | References: 2
vulnersOsv
added 2026/04/09 9:31 p.m. | 3 views

org.apache.tomee.bom:tomee-microprofile (>=10.0.0 <=10.0.0-M3), org.apache.tomee.bom:tomee-plume (>=10.0.0 <=10.0.0-M3) +2 more potentially affected by CVE-2026-34500 via org.apache.tomcat:tomcat-coyote-ffm (>=10.1.30 <=10.1.52)

org.apache.tomcat:tomcat-coyote-ffm MAVEN version =10.1.30, =10.0.0, =10.0.0, =10.0.0, =10.0.0, =10.1.4 Source cves: CVE-2026-34500 Source advisory: OSV:GHSA-24J9-X2WG-9QV6...

CVSS 6.5 | AI score 5.8 | EPSS 0.00202
Exploits: 0
Snyk
added 2026/04/09 9:31 p.m. | 2 views

Improper Certificate Validation

Overview org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Improper Certificate Validation in getSSLHostConfig, which does not sufficiently account for all protocol host name inputs. An attacker can access sensitive...

CVSS 9.1 | AI score 5.8 | EPSS 0.00208
Exploits: 0 | References: 2
Snyk
added 2026/04/08 9:0 p.m. | 2 views

HTTP Request Smuggling

Overview org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to HTTP Request Smuggling in ChunkedInputFilter, when handling HTTP/1.1 requests with invalid chunk extensions. An attacker can interfere with the interpretation of HT...

CVSS 8.2 | AI score 5.8 | EPSS 0.0024
Exploits: 0 | References: 2
Snyk
added 2026/04/08 9:0 p.m. | 2 views

Improper Authentication

Overview org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Improper Authentication in processOCSPRequest, which is part of the CLIENTCERT authentication process. An attacker can trigger a soft-fail of OCSP checks when...

CVSS 9.1 | AI score 5.8 | EPSS 0.00039
Exploits: 1 | References: 2
Snyk
added 2026/04/08 9:0 p.m. | 1 view

Improper Authentication

Overview org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Improper Authentication in processOCSPRequest, which is part of the CLIENTCERT authentication process. In some "edge cases", an attacker can trigger a soft-fail...

CVSS 8.3 | AI score 5.8 | EPSS 0.00202
Exploits: 0 | References: 2
Snyk
added 2026/04/08 9:0 p.m. | 1 view

Use of a Broken or Risky Cryptographic Algorithm

Overview org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm which may arise due to improper preservation of the configured cipher preference order. An attacker who can control...

CVSS 8.2 | AI score 5.8 | EPSS 0.00033
Exploits: 0 | References: 2
Snyk
added 2026/04/08 9:0 p.m. | 2 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in processOCSPRequest, which is part of the CLIENTCERT authentication process. An attacker can trigger a soft-fail of OCSP checks when soft-fail is disabled. Remediation Upgrade...

CVSS 9.1 | AI score 5.8 | EPSS 0.00039
Exploits: 1 | References: 2
vulnersOsv
added 2026/04/08 9:0 p.m. | 3 views

org.apache.tomee.bom:tomee-microprofile (>=10.0.0 <=10.0.0-M3), org.apache.tomee.bom:tomee-plume (>=10.0.0 <=10.0.0-M3) +2 more potentially affected by CVE-2026-29145 via org.apache.tomcat:tomcat-coyote-ffm (>=10.1.30 <=10.1.52)

org.apache.tomcat:tomcat-coyote-ffm MAVEN version =10.1.30, =10.0.0, =10.0.0, =10.0.0, =10.0.0, =10.1.4 Source cves: CVE-2026-29145 Source advisory: SNYK:JAVA-ORGAPACHETOMCAT-15989807...

CVSS 9.1 | AI score 5.8 | EPSS 0.00039
Exploits: 1
Snyk
added 2026/02/16 10:0 p.m. | 3 views

Improper Certificate Validation

Overview org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Improper Certificate Validation in the SNI extension, when client certificate authentication relies exclusively on the Connector and is not enforced in the web...

CVSS 9.1 | AI score 5.6 | EPSS 0.00051
Exploits: 0 | References: 2
vulnersOsv
added 2026/02/16 10:0 p.m. | 3 views

org.apache.tomee.bom:tomee-microprofile (>=10.0.0 <=10.0.0-M3), org.apache.tomee.bom:tomee-plume (>=10.0.0 <=10.0.0-M3) +2 more potentially affected by CVE-2026-24734 via org.apache.tomcat:tomcat-coyote-ffm (>=10.1.30 <=10.1.49)

org.apache.tomcat:tomcat-coyote-ffm MAVEN version =10.1.30, =10.0.0, =10.0.0, =10.0.0, =10.0.0, =10.1.3 Source cves: CVE-2026-24734 Source advisory: SNYK:JAVA-ORGAPACHETOMCAT-15307823...

CVSS 7.5 | AI score 6.6 | EPSS 0.00091
Exploits: 0
Snyk
added 2026/02/16 10:0 p.m. | 2 views

Improper Authorization

Overview org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Improper Authorization in prepareRequestProtocol, which accepts HTTP/0.9 requests other than GET. A security constraint configured to allow HEAD requests to a URI b...

CVSS 6.5 | AI score 5.6 | EPSS 0.00163
Exploits: 0 | References: 2
Atlassian
added 2026/01/16 7:5 a.m. | 15 views

DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Jira Service Management Data Center and Server

This High severity DoS Denial of Service vulnerability was introduced in version 5.12.2, 5.13.0, 5.14.0, 5.15.2, 5.16.0, 5.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, and 10.7.1 of Jira Service Management Data Center and Server. This DoS Denial of Service vulnerability, with a...

CVSS 7.5 | AI score 8 | EPSS 0.01205
Exploits: 0
Atlassian
added 2026/01/09 5:27 p.m. | 13 views

DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Jira Software Data Center and Server

This High severity DoS Denial of Service vulnerability was introduced in version 9.12.2, 9.13.0, 9.14.0, 9.15.2, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, and 10.7.1 of Jira Software Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score ...

CVSS 7.5 | AI score 8 | EPSS 0.01205
Exploits: 0
Atlassian
added 2025/10/15 4:23 a.m. | 11 views

DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 5.12.0, 10.3.0, 10.7.1, and 11.0.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 6.8 | EPSS 0.01022
Exploits: 0