Apache Tomcat Coyote Vulnerability Lets Attackers Trigger a DoS Attack

A newly disclosed flaw in Apache Tomcat's Coyote engine, tracked as CVE-2025-53506, has surfaced in the latest round of HTTP/2 security advisories. First noted in the National Vulnerability Database five days ago, the weakness stems from Coyote's failure to enforce a hard cap on concurrent streams when an HTTP/2 client never acknowledges the server's initial SETTINGS frame.

Because Tomcat allocates a worker per stream before receiving any actual request data, each orphaned stream ties up a thread indefinitely. By repeatedly opening streams that are never closed, a remote attacker can exhaust the server's thread pool and force the container into a prolonged denial-of-service state; confidentiality and integrity are unaffected. GitHub analysts subsequently traced the issue to a race condition introduced during the refactor that added dynamic stream limits, and published proof-of-concept traffic captures that reliably crash unpatched builds.

Because the exploit rides ordinary TCP port 443 traffic, firewalls see nothing suspicious; attack complexity is low and no credentials are required. CVSS v4 scores the flaw 6.3, tagging availability as High while leaving the other impact metrics at None, underscoring its DoS-centric profile.

Apache has released fixed versions 11.0.9, 10.1.43, and 9.0.107. Modern reverse proxies that enforce a SETTINGS-ack timeout or a hard per-connection stream ceiling neutralize the attack, making upstream mitigation practical until the patch is fully deployed. Administrators who cannot upgrade immediately should at least disable HTTP/2 on the affected Connector (it is enabled by the nested UpgradeProtocol element in server.xml) or cap concurrent streams per connection at the reverse proxy. Note that Tomcat's own maxConcurrentStreams attribute only sets the value advertised in the server's SETTINGS frame, which is exactly the limit a client that never acknowledges that frame sidesteps, so the cap has to be applied in front of Tomcat to avoid service interruptions.
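To make the check concrete, here is an added example in Python (not Tomcat's code, not the upstream fix, and not the behaviour of any particular proxy product): a frame-level auditor that replays the client side of one HTTP/2 connection, records whether the client ever ACKed the server's SETTINGS frame, and applies a hard per-connection stream ceiling regardless of that ACK. The function and constant names, the default ceiling of 100, and the traffic produced by build_client_bytes are all assumptions made for illustration; the HEADERS frames it emits carry an empty header block, so they reproduce only the shape of the never-acknowledging pattern and are not valid requests.

```python
"""Added example (not Tomcat's code or the vendor's fix): a frame-level auditor for one
HTTP/2 connection that counts client-opened streams and enforces a hard ceiling whether
or not the client ever ACKed the server's SETTINGS frame. All names here are assumptions
for illustration; the sample traffic built below is constructed, not a capture.
"""
from dataclasses import dataclass, field

FRAME_HEADER_LEN = 9   # RFC 9113 s4.1: 24-bit length, 8-bit type, 8-bit flags, 31-bit stream id
TYPE_HEADERS = 0x1
TYPE_RST_STREAM = 0x3
TYPE_SETTINGS = 0x4
FLAG_END_STREAM = 0x1
FLAG_ACK = 0x1         # meaning of bit 0 on a SETTINGS frame
FLAG_END_HEADERS = 0x4
CONNECTION_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"


def frame(ftype: int, flags: int, stream_id: int, payload: bytes = b"") -> bytes:
    """Serialise one HTTP/2 frame header plus payload."""
    return (len(payload).to_bytes(3, "big")
            + bytes([ftype, flags])
            + (stream_id & 0x7FFFFFFF).to_bytes(4, "big")
            + payload)


def iter_frames(data: bytes):
    """Yield (type, flags, stream_id, payload) for every complete frame; stop at a truncated tail."""
    off = 0
    while off + FRAME_HEADER_LEN <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        sid = int.from_bytes(data[off + 5:off + 9], "big") & 0x7FFFFFFF
        start, end = off + FRAME_HEADER_LEN, off + FRAME_HEADER_LEN + length
        if end > len(data):
            break  # partial frame: do not guess at its contents
        yield ftype, flags, sid, data[start:end]
        off = end


@dataclass
class ConnAudit:
    settings_acked: bool = False
    open_streams: set = field(default_factory=set)   # streams the client opened and has not reset
    peak_open: int = 0
    violations: list = field(default_factory=list)   # (stream_id, settings_acked at that moment)


def audit_connection(client_bytes: bytes, hard_ceiling: int = 100) -> ConnAudit:
    """Replay the client side of a connection and apply the ceiling unconditionally.

    Only client frames are visible here, so a stream stays 'open' until the client resets it;
    server-side completion is not modelled, which is the worst case the article describes
    (a worker pinned to a stream that never delivers a request).
    """
    st = ConnAudit()
    if client_bytes.startswith(CONNECTION_PREFACE):
        client_bytes = client_bytes[len(CONNECTION_PREFACE):]
    for ftype, flags, sid, _payload in iter_frames(client_bytes):
        if ftype == TYPE_SETTINGS and sid == 0 and flags & FLAG_ACK:
            st.settings_acked = True
        elif ftype == TYPE_HEADERS and sid != 0 and sid not in st.open_streams:
            st.open_streams.add(sid)
            st.peak_open = max(st.peak_open, len(st.open_streams))
            if len(st.open_streams) > hard_ceiling:
                # Vulnerable behaviour defers this check until the ACK arrives;
                # the hardened behaviour applies it now, ACK or no ACK.
                st.violations.append((sid, st.settings_acked))
        elif ftype == TYPE_RST_STREAM:
            st.open_streams.discard(sid)
    return st


def connection_over_limit(audit: ConnAudit) -> bool:
    """True when a proxy or server enforcing the ceiling should GOAWAY / drop the peer."""
    return bool(audit.violations)


def build_client_bytes(n_streams: int, ack_settings: bool, reset_streams=()) -> bytes:
    """Constructed sample traffic (not a capture): preface, an empty SETTINGS frame, optionally a
    SETTINGS ACK, then HEADERS on successive odd stream ids with an empty header block. This is
    only the shape of the pattern; the frames are not valid requests."""
    out = bytearray(CONNECTION_PREFACE)
    out += frame(TYPE_SETTINGS, 0, 0)
    if ack_settings:
        out += frame(TYPE_SETTINGS, FLAG_ACK, 0)
    for i in range(n_streams):
        out += frame(TYPE_HEADERS, FLAG_END_HEADERS | FLAG_END_STREAM, 2 * i + 1)
    for sid in reset_streams:
        out += frame(TYPE_RST_STREAM, 0, sid, (0x8).to_bytes(4, "big"))  # error code CANCEL
    return bytes(out)


if __name__ == "__main__":
    silent = audit_connection(build_client_bytes(150, ack_settings=False))
    polite = audit_connection(build_client_bytes(5, ack_settings=True))
    print("never-ACKing client:", silent.peak_open, "open,", len(silent.violations), "over ceiling")
    print("well-behaved client:", polite.peak_open, "open,", len(polite.violations), "over ceiling")
```

Run directly, it contrasts a client that opens 150 streams without ever ACKing against one that ACKs and opens five. Enforcing connection_over_limit at the moment the ceiling is crossed, rather than after the ACK, is what the article means by a hard stream ceiling in front of Tomcat; because only client frames are replayed, the model treats a stream as open until the client resets it, which matches a thread-per-stream server that never gets a request on that stream.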

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 15 Jul 2025 19:10:13 +0000


Cyber News related to Apache Tomcat Coyote Vulnerability Lets Attackers Trigger a DoS Attack

'Coyote' Malware Begins Its Hunt, Preying on 61 Banking Apps - In all, it represents a notable evolution in Brazil's thriving market for financial malware - and could spell big trouble down the line for security teams if it expands its focus. It may be a Brazil-focused threat to consumers for now, but as ...
1 year ago Darkreading.com
CVE-2020-8022 - An Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise ...
4 years ago
Apache Tomcat and Camel Vulnerabilities Actively Exploited in The Wild - Critical vulnerabilities in Apache Tomcat and Apache Camel are being actively exploited by cybercriminals worldwide, with security researchers documenting over 125,000 attack attempts across more than 70 countries since their disclosure in March ...
1 week ago Cybersecuritynews.com CVE-2025-24813
Hackers Exploiting Apache Tomcat Vulnerability to Steal SSH Credentials & Gain Server Control - The attack chain begins with brute-force attempts against Tomcat management consoles using commonly weak credentials, such as username “Tomcat” and password “123456” to gain initial access to vulnerable servers. Once ...
3 months ago Cybersecuritynews.com
Critical RCE flaw in Apache Tomcat actively exploited in attacks - The attacker then sends a GET request with a JSESSIONID cookie pointing to the uploaded session file, forcing Tomcat to deserialize and execute the malicious Java code, granting complete control to the attacker. Tomcat users may also mitigate the ...
3 months ago Bleepingcomputer.com CVE-2025-24813
Attack Vector vs Attack Surface: The Subtle Difference - Cybersecurity discussions about "Attack vectors" and "Attack surfaces" sometimes use these two terms interchangeably. This article guides you through the distinctions between attack vectors and attack surfaces to help you better understand the two ...
2 years ago Trendmicro.com
CVE-2005-2090 - Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: ...
6 years ago
Critical Apache Tomcat RCE Vulnerability Exploited in Just 30hrs of Public Exploit - Wallarm security researchers have confirmed active exploitation attempts, warning that traditional security tools fail to detect these attacks because the PUT requests appear normal and malicious content is obfuscated using base64 encoding. The ...
3 months ago Cybersecuritynews.com CVE-2025-24813
CVE-2024-56337 - Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was ...
6 months ago Tenable.com CVE-2024-50379
CVE-2020-1938 - When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available ...
3 years ago
CVE-2023-39913 - Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK.This issue affects Apache UIMA Java SDK: before 3.5.0. ...
5 months ago
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Tomcat Vulnerability Exploited in the Wild to Take Over Apache Tomcat Servers - “We strongly urge all users to update immediately given the critical nature of this vulnerability and evidence of active exploitation,” stated the Apache Tomcat security team in their advisory. A critical remote code execution ...
3 months ago Cybersecuritynews.com CVE-2025-24813
Patch Now: Exploit Activity Mounts for Dangerous Apache Struts 2 Bug - Concerns are high over a critical, recently disclosed remote code execution vulnerability in Apache Struts 2 that attackers have been actively exploiting over the past few days. Apache Struts is a widely used open source framework for building Java ...
1 year ago Darkreading.com CVE-2023-50164
Apache Tomcat Vulnerability Let Bypass Rules & Trigger DoS Condition - Identified as CVE-2025-31650, this high-severity vulnerability affects multiple Tomcat versions, posing a significant security risk to organizations relying on this popular Java application server. When attackers send numerous malformed requests ...
2 months ago Cybersecuritynews.com CVE-2025-31650
The Threat That Can't Be Ignored: CVE-2023-46604 in Apache ActiveMQ - There is another vulnerability that demands immediate attention, despite not receiving the level of recognition it truly deserves in the media. Apache ActiveMQ vulnerability, known as CVE-2023-46604, is a Remote Code Execution flaw rated at a ...
1 year ago Cybersecurity-insiders.com CVE-2023-46604 Andariel
CVE-2016-6325 - The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging ...
2 years ago
Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers - A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept exploits. Apache OFBiz is an open-source enterprise resource planning system many businesses use for e-commerce ...
1 year ago Bleepingcomputer.com CVE-2023-49070 CVE-2023-51467
Warfare and Geopolitics are Fuelling Denial-of-Service Attacks - The analysis is based on 310 verified Denial-of-Service incidents during the reporting period of January 2022 to August 2023. A large-scale study is also included of publicly reported incidents. The study focuses on the motivations of attackers, ...
1 year ago Enisa.europa.eu
Real-Time Data Warehousing Based on Apache Doris - This is a whole-journey guide for Apache Doris users, especially those from the financial sector, which requires a high level of data security and availability. If you don't know how to build a real-time data pipeline and make the most of the Apache ...
1 year ago Feeds.dzone.com
Apache Tomcat Vulnerability (CVE-2025-24813) Exploited to Execute Code on Servers - The flaw exploits Apache Tomcat’s handling of partial PUT requests and path equivalence, allowing attackers to bypass security constraints and execute arbitrary code without authentication under specific conditions. Successful exploitation ...
3 months ago Cybersecuritynews.com
Hackers Actively Exploiting Apache Tomcat Servers Exploiting CVE-2025-24813 - Patch Now - The vulnerability, first disclosed on March 10, 2025, has already seen exploitation attempts beginning just 30 hours after the public release of proof-of-concept (PoC) code. GreyNoise Intelligence has identified four unique IP addresses that have ...
3 months ago Cybersecuritynews.com CVE-2025-24813
Multiple Apache Tomcat Vulnerabilities Let Attackers Trigger DoS Attacks - The vulnerabilities exploit different attack vectors, including HTTP/2 protocol weaknesses, file upload mechanisms, and stream handling capabilities. Organizations running affected versions should immediately upgrade to Apache Tomcat 9.0.107 to ...
6 days ago Cybersecuritynews.com
TellYouThePass ransomware joins Apache ActiveMQ RCE attacks - Internet-exposed Apache ActiveMQ servers are also targeted in TellYouThePass ransomware attacks targeting a critical remote code execution vulnerability previously exploited as a zero-day. The flaw, tracked as CVE-2023-46604, is a maximum severity ...
1 year ago Bleepingcomputer.com CVE-2023-46604