Package impact
MAVEN / org.apache.tomcat:tomcat-coyote
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-44487 | high | 7.5 | 9.0 | 3y ago | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | |||
| CVE-2026-24880 | high | — | 8.0 | 2mo ago | Apache Tomcat has an HTTP Request/Response Smuggling vulnerability | |||
| CVE-2026-29129 | high | — | 8.0 | 2mo ago | Apache Tomcat: Configured cipher preference order not preserved | |||
| CVE-2020-13934 | high | — | 8.0 | 4y ago | Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat | |||
| CVE-2019-0199 | high | — | 8.0 | 6y ago | Apache Tomcat Denial of Service vulnerability | |||
| CVE-2025-48989 | high | 7.5 | 7.5 | 9mo ago | RHSA-2025:14177: tomcat security update (Important) |