Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-yxpq-rrry-j3h8

Summary The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible.

Aliases

alias	CVE-2016-6817

alias	GHSA-698c-2x4j-g9gq

Fixed_packages

url pkg:apache/tomcat@8.5.8

purl pkg:apache/tomcat@8.5.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hves-r5bg-yfes

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.5.8

url pkg:apache/tomcat@9.0.0%2BM13

purl pkg:apache/tomcat@9.0.0%2BM13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hves-r5bg-yfes

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.0%252BM13

url	pkg:deb/debian/tomcat9@0?distro=trixie
purl	pkg:deb/debian/tomcat9@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@0%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.43-2~deb11u10?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.43-2~deb11u10?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u10%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.70-2?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.70-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.70-2%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.95-1?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.95-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.95-1%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.115-1?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.115-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.115-1%3Fdistro=trixie

url pkg:maven/org.apache.tomcat/tomcat@8.5.8

purl pkg:maven/org.apache.tomcat/tomcat@8.5.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hdb-24e3-f3d6

vulnerability	VCID-2sbh-sy57-3uez

vulnerability	VCID-39e3-jfbg-s3hk

vulnerability	VCID-46bv-6b7y-3bca

vulnerability	VCID-4aaa-errb-2qdw

vulnerability	VCID-4tf3-7f5b-2ffu

vulnerability	VCID-6wvu-2rmc-mfhj

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-aeeu-fpay-wufz

vulnerability	VCID-arkn-bca7-hqam

vulnerability	VCID-ayrd-8ntf-hkh3

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-dy6m-zt6r-9ubd

vulnerability	VCID-dzpn-w4b3-vbcm

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-enaj-f97c-jbh7

vulnerability	VCID-f77q-v5xp-e7dy

vulnerability	VCID-fyfz-6tr5-2fc7

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-hmbm-5ysw-77bu

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-k9cg-ehdw-dbh6

vulnerability	VCID-kwab-3s4q-eka4

vulnerability	VCID-m1zd-uytj-3bej

vulnerability	VCID-m2zn-ja8d-7kg8

vulnerability	VCID-n3zn-tuck-gkfe

vulnerability	VCID-nmq2-8ysj-4fbc

vulnerability	VCID-ran8-rnqn-tkbc

vulnerability	VCID-ruuh-g3fa-m7d8

vulnerability	VCID-u3ck-cvgt-fuhd

vulnerability	VCID-wbaq-j85q-y3c6

vulnerability	VCID-xshb-a2kb-c7gs

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.8

url pkg:maven/org.apache.tomcat/tomcat@9.0.0.M13

purl pkg:maven/org.apache.tomcat/tomcat@9.0.0.M13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hdb-24e3-f3d6

vulnerability	VCID-4tf3-7f5b-2ffu

vulnerability	VCID-6wvu-2rmc-mfhj

vulnerability	VCID-ayrd-8ntf-hkh3

vulnerability	VCID-dzpn-w4b3-vbcm

vulnerability	VCID-fyfz-6tr5-2fc7

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-hmbm-5ysw-77bu

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-k9cg-ehdw-dbh6

vulnerability	VCID-m1zd-uytj-3bej

vulnerability	VCID-ruuh-g3fa-m7d8

vulnerability	VCID-u3ck-cvgt-fuhd

vulnerability	VCID-wbaq-j85q-y3c6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M13

Affected_packages

url pkg:apache/tomcat@8.5.0

purl pkg:apache/tomcat@8.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-1hdb-24e3-f3d6

vulnerability	VCID-2sbh-sy57-3uez

vulnerability	VCID-39e3-jfbg-s3hk

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-46bv-6b7y-3bca

vulnerability	VCID-4aaa-errb-2qdw

vulnerability	VCID-4tf3-7f5b-2ffu

vulnerability	VCID-56jv-htmt-rkew

vulnerability	VCID-5781-s1ny-q7ey

vulnerability	VCID-66kh-s6cr-tqf9

vulnerability	VCID-885s-t4dx-dybv

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-aeeu-fpay-wufz

vulnerability	VCID-arkn-bca7-hqam

vulnerability	VCID-ayrd-8ntf-hkh3

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-dy6m-zt6r-9ubd

vulnerability	VCID-dzpn-w4b3-vbcm

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-enaj-f97c-jbh7

vulnerability	VCID-f77q-v5xp-e7dy

vulnerability	VCID-fyfz-6tr5-2fc7

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-hmbm-5ysw-77bu

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-kwab-3s4q-eka4

vulnerability	VCID-m1zd-uytj-3bej

vulnerability	VCID-m2zn-ja8d-7kg8

vulnerability	VCID-n3ab-nk7c-hqc9

vulnerability	VCID-n3zn-tuck-gkfe

vulnerability	VCID-n9yk-e49f-n7e7

vulnerability	VCID-nmq2-8ysj-4fbc

vulnerability	VCID-nvbx-q971-skgm

vulnerability	VCID-p6pa-f1fg-hbhg

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-ran8-rnqn-tkbc

vulnerability	VCID-ruuh-g3fa-m7d8

vulnerability	VCID-rzj2-4kcj-43dq

vulnerability	VCID-t2ne-75ck-eqcr

vulnerability	VCID-u3ck-cvgt-fuhd

vulnerability	VCID-v7tp-1t4h-zqeg

vulnerability	VCID-vdnj-sqmx-e3ep

vulnerability	VCID-vsdf-4tfj-uybe

vulnerability	VCID-wbaq-j85q-y3c6

vulnerability	VCID-wgsc-dnn1-ukeq

vulnerability	VCID-xf8r-kqxb-7qdy

vulnerability	VCID-yfx4-4gsc-2kgh

vulnerability	VCID-yxpq-rrry-j3h8

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.5.0

url pkg:apache/tomcat@8.5.6

purl pkg:apache/tomcat@8.5.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-yxpq-rrry-j3h8

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.5.6

url pkg:apache/tomcat@9.0.0%2BM1

purl pkg:apache/tomcat@9.0.0%2BM1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-1e6p-cppr-2bh2

vulnerability	VCID-1hdb-24e3-f3d6

vulnerability	VCID-1k8f-vsg1-k3d6

vulnerability	VCID-246u-a4rh-yyd4

vulnerability	VCID-2kku-pzer-9ufv

vulnerability	VCID-2sbh-sy57-3uez

vulnerability	VCID-2x6a-3gh1-rkhs

vulnerability	VCID-39e3-jfbg-s3hk

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-43j2-w5xt-43g9

vulnerability	VCID-46bv-6b7y-3bca

vulnerability	VCID-4aaa-errb-2qdw

vulnerability	VCID-4cag-c4pb-dfaz

vulnerability	VCID-4tf3-7f5b-2ffu

vulnerability	VCID-5sgv-7nsz-5fa8

vulnerability	VCID-66kh-s6cr-tqf9

vulnerability	VCID-68fk-4g86-ekbp

vulnerability	VCID-885s-t4dx-dybv

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-9exq-fhv6-bbea

vulnerability	VCID-9kfe-1esf-uydm

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-aeeu-fpay-wufz

vulnerability	VCID-arkn-bca7-hqam

vulnerability	VCID-ayrd-8ntf-hkh3

vulnerability	VCID-dzpn-w4b3-vbcm

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-enaj-f97c-jbh7

vulnerability	VCID-f77q-v5xp-e7dy

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-fyfz-6tr5-2fc7

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-gb2v-96xj-ybad

vulnerability	VCID-gvhy-d4gm-57d3

vulnerability	VCID-gyed-x6s8-ybhr

vulnerability	VCID-hmbm-5ysw-77bu

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-k59r-wjt3-wqe5

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-kukv-k3z7-7fgs

vulnerability	VCID-kwab-3s4q-eka4

vulnerability	VCID-kyb8-rvyw-s7b1

vulnerability	VCID-m1zd-uytj-3bej

vulnerability	VCID-m2zn-ja8d-7kg8

vulnerability	VCID-maw6-4qs5-ykae

vulnerability	VCID-n3ab-nk7c-hqc9

vulnerability	VCID-n3zn-tuck-gkfe

vulnerability	VCID-nvbx-q971-skgm

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-ruuh-g3fa-m7d8

vulnerability	VCID-sr8e-w1qk-r7fz

vulnerability	VCID-t2ne-75ck-eqcr

vulnerability	VCID-tfrs-d458-tfaq

vulnerability	VCID-u3ck-cvgt-fuhd

vulnerability	VCID-v8ku-sjc8-wfga

vulnerability	VCID-vdnj-sqmx-e3ep

vulnerability	VCID-vhjj-dnft-kkf4

vulnerability	VCID-wbaq-j85q-y3c6

vulnerability	VCID-wgsc-dnn1-ukeq

vulnerability	VCID-xf8r-kqxb-7qdy

vulnerability	VCID-y9ne-rw7e-vugf

vulnerability	VCID-yfx4-4gsc-2kgh

vulnerability	VCID-yxpq-rrry-j3h8

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.0%252BM1

url pkg:apache/tomcat@9.0.0%2BM11

purl pkg:apache/tomcat@9.0.0%2BM11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-6wvu-2rmc-mfhj

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-xqjr-7xfw-mbh2

vulnerability	VCID-yxpq-rrry-j3h8

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.0%252BM11

url pkg:maven/org.apache.tomcat/tomcat@8.5.0

purl pkg:maven/org.apache.tomcat/tomcat@8.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-1hdb-24e3-f3d6

vulnerability	VCID-2sbh-sy57-3uez

vulnerability	VCID-39e3-jfbg-s3hk

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-46bv-6b7y-3bca

vulnerability	VCID-4aaa-errb-2qdw

vulnerability	VCID-4cag-c4pb-dfaz

vulnerability	VCID-4tf3-7f5b-2ffu

vulnerability	VCID-56jv-htmt-rkew

vulnerability	VCID-5781-s1ny-q7ey

vulnerability	VCID-66kh-s6cr-tqf9

vulnerability	VCID-885s-t4dx-dybv

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-aeeu-fpay-wufz

vulnerability	VCID-arkn-bca7-hqam

vulnerability	VCID-ayrd-8ntf-hkh3

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-dy6m-zt6r-9ubd

vulnerability	VCID-dzpn-w4b3-vbcm

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-enaj-f97c-jbh7

vulnerability	VCID-f77q-v5xp-e7dy

vulnerability	VCID-fyfz-6tr5-2fc7

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-hmbm-5ysw-77bu

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-j6cj-ftyd-3ffa

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-kwab-3s4q-eka4

vulnerability	VCID-m1zd-uytj-3bej

vulnerability	VCID-m2zn-ja8d-7kg8

vulnerability	VCID-n3ab-nk7c-hqc9

vulnerability	VCID-n3zn-tuck-gkfe

vulnerability	VCID-n9yk-e49f-n7e7

vulnerability	VCID-nmq2-8ysj-4fbc

vulnerability	VCID-nvbx-q971-skgm

vulnerability	VCID-p6pa-f1fg-hbhg

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-ran8-rnqn-tkbc

vulnerability	VCID-ruuh-g3fa-m7d8

vulnerability	VCID-rzj2-4kcj-43dq

vulnerability	VCID-t2ne-75ck-eqcr

vulnerability	VCID-u3ck-cvgt-fuhd

vulnerability	VCID-v7tp-1t4h-zqeg

vulnerability	VCID-vdnj-sqmx-e3ep

vulnerability	VCID-vsdf-4tfj-uybe

vulnerability	VCID-wbaq-j85q-y3c6

vulnerability	VCID-wgsc-dnn1-ukeq

vulnerability	VCID-xf8r-kqxb-7qdy

vulnerability	VCID-yfx4-4gsc-2kgh

vulnerability	VCID-yxpq-rrry-j3h8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.0

url pkg:maven/org.apache.tomcat/tomcat@8.5.6

purl pkg:maven/org.apache.tomcat/tomcat@8.5.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hdb-24e3-f3d6

vulnerability	VCID-2sbh-sy57-3uez

vulnerability	VCID-39e3-jfbg-s3hk

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-46bv-6b7y-3bca

vulnerability	VCID-4aaa-errb-2qdw

vulnerability	VCID-4tf3-7f5b-2ffu

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-aeeu-fpay-wufz

vulnerability	VCID-arkn-bca7-hqam

vulnerability	VCID-ayrd-8ntf-hkh3

vulnerability	VCID-b3bb-9ajg-sfc9

vulnerability	VCID-dy6m-zt6r-9ubd

vulnerability	VCID-dzpn-w4b3-vbcm

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-enaj-f97c-jbh7

vulnerability	VCID-f77q-v5xp-e7dy

vulnerability	VCID-fyfz-6tr5-2fc7

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-hmbm-5ysw-77bu

vulnerability	VCID-j8tk-s915-pbfy

vulnerability	VCID-kwab-3s4q-eka4

vulnerability	VCID-m1zd-uytj-3bej

vulnerability	VCID-m2zn-ja8d-7kg8

vulnerability	VCID-n3zn-tuck-gkfe

vulnerability	VCID-nmq2-8ysj-4fbc

vulnerability	VCID-ran8-rnqn-tkbc

vulnerability	VCID-ruuh-g3fa-m7d8

vulnerability	VCID-u3ck-cvgt-fuhd

vulnerability	VCID-wbaq-j85q-y3c6

vulnerability	VCID-xqjr-7xfw-mbh2

vulnerability	VCID-xshb-a2kb-c7gs

vulnerability	VCID-yfx4-4gsc-2kgh

vulnerability	VCID-yxpq-rrry-j3h8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.6

url pkg:maven/org.apache.tomcat/tomcat@9.0.0.M1

purl pkg:maven/org.apache.tomcat/tomcat@9.0.0.M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-1e6p-cppr-2bh2

vulnerability	VCID-1hdb-24e3-f3d6

vulnerability	VCID-1k8f-vsg1-k3d6

vulnerability	VCID-246u-a4rh-yyd4

vulnerability	VCID-2kku-pzer-9ufv

vulnerability	VCID-2sbh-sy57-3uez

vulnerability	VCID-2x6a-3gh1-rkhs

vulnerability	VCID-39e3-jfbg-s3hk

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-43j2-w5xt-43g9

vulnerability	VCID-46bv-6b7y-3bca

vulnerability	VCID-4aaa-errb-2qdw

vulnerability	VCID-4cag-c4pb-dfaz

vulnerability	VCID-4tf3-7f5b-2ffu

vulnerability	VCID-5sgv-7nsz-5fa8

vulnerability	VCID-66kh-s6cr-tqf9

vulnerability	VCID-68fk-4g86-ekbp

vulnerability	VCID-885s-t4dx-dybv

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-9exq-fhv6-bbea

vulnerability	VCID-9kfe-1esf-uydm

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-aeeu-fpay-wufz

vulnerability	VCID-arkn-bca7-hqam

vulnerability	VCID-ayrd-8ntf-hkh3

vulnerability	VCID-dzpn-w4b3-vbcm

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-enaj-f97c-jbh7

vulnerability	VCID-f77q-v5xp-e7dy

vulnerability	VCID-fpgj-82wf-ykbw

vulnerability	VCID-fyfz-6tr5-2fc7

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-gb2v-96xj-ybad

vulnerability	VCID-gvhy-d4gm-57d3

vulnerability	VCID-gyed-x6s8-ybhr

vulnerability	VCID-hmbm-5ysw-77bu

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-k59r-wjt3-wqe5

vulnerability	VCID-k9cg-ehdw-dbh6

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-kukv-k3z7-7fgs

vulnerability	VCID-kwab-3s4q-eka4

vulnerability	VCID-kyb8-rvyw-s7b1

vulnerability	VCID-m1zd-uytj-3bej

vulnerability	VCID-m2zn-ja8d-7kg8

vulnerability	VCID-maw6-4qs5-ykae

vulnerability	VCID-n3ab-nk7c-hqc9

vulnerability	VCID-n3zn-tuck-gkfe

vulnerability	VCID-nvbx-q971-skgm

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-ruuh-g3fa-m7d8

vulnerability	VCID-sr8e-w1qk-r7fz

vulnerability	VCID-t2ne-75ck-eqcr

vulnerability	VCID-tfrs-d458-tfaq

vulnerability	VCID-u3ck-cvgt-fuhd

vulnerability	VCID-v8ku-sjc8-wfga

vulnerability	VCID-vdnj-sqmx-e3ep

vulnerability	VCID-vhjj-dnft-kkf4

vulnerability	VCID-wbaq-j85q-y3c6

vulnerability	VCID-wgsc-dnn1-ukeq

vulnerability	VCID-xf8r-kqxb-7qdy

vulnerability	VCID-y9ne-rw7e-vugf

vulnerability	VCID-yfx4-4gsc-2kgh

vulnerability	VCID-yxpq-rrry-j3h8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M1

url pkg:maven/org.apache.tomcat/tomcat@9.0.0.M11

purl pkg:maven/org.apache.tomcat/tomcat@9.0.0.M11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hdb-24e3-f3d6

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-4tf3-7f5b-2ffu

vulnerability	VCID-6wvu-2rmc-mfhj

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-ayrd-8ntf-hkh3

vulnerability	VCID-dzpn-w4b3-vbcm

vulnerability	VCID-fyfz-6tr5-2fc7

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-hmbm-5ysw-77bu

vulnerability	VCID-k9cg-ehdw-dbh6

vulnerability	VCID-m1zd-uytj-3bej

vulnerability	VCID-ruuh-g3fa-m7d8

vulnerability	VCID-u3ck-cvgt-fuhd

vulnerability	VCID-wbaq-j85q-y3c6

vulnerability	VCID-xqjr-7xfw-mbh2

vulnerability	VCID-yxpq-rrry-j3h8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M11

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6817.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6817.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6817

reference_id

reference_type

scores

value	0.00759
scoring_system	epss
scoring_elements	0.73338
published_at	2026-04-11T12:55:00Z

value	0.00759
scoring_system	epss
scoring_elements	0.73268
published_at	2026-04-02T12:55:00Z

value	0.00759
scoring_system	epss
scoring_elements	0.73292
published_at	2026-04-04T12:55:00Z

value	0.00759
scoring_system	epss
scoring_elements	0.73264
published_at	2026-04-07T12:55:00Z

value	0.00759
scoring_system	epss
scoring_elements	0.73362
published_at	2026-04-18T12:55:00Z

value	0.00759
scoring_system	epss
scoring_elements	0.733
published_at	2026-04-08T12:55:00Z

value	0.00759
scoring_system	epss
scoring_elements	0.73354
published_at	2026-04-16T12:55:00Z

value	0.00759
scoring_system	epss
scoring_elements	0.7331
published_at	2026-04-13T12:55:00Z

value	0.00759
scoring_system	epss
scoring_elements	0.73318
published_at	2026-04-12T12:55:00Z

value	0.00759
scoring_system	epss
scoring_elements	0.73259
published_at	2026-04-01T12:55:00Z

value	0.00759
scoring_system	epss
scoring_elements	0.73313
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6817

reference_url

https://github.com/apache/tomcat

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat

reference_url	https://github.com/apache/tomcat85/commit/85c63227edabbfb4f2f500fc557480a190135d21
reference_id
reference_type
scores
url	https://github.com/apache/tomcat85/commit/85c63227edabbfb4f2f500fc557480a190135d21

reference_url

https://github.com/apache/tomcat/commit/079372fc7bac8e2e378942715c9ce26a4a72c07a

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/079372fc7bac8e2e378942715c9ce26a4a72c07a

reference_url

https://github.com/apache/tomcat/commit/85c63227edabbfb4f2f500fc557480a190135d21

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/85c63227edabbfb4f2f500fc557480a190135d21

reference_url

https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:17Z/

url

https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:17Z/

url

https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:17Z/

url

https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a9f24571460af003071475b75f18cad81ebcc36fa7c876965a75e32a@%3Cannounce.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a9f24571460af003071475b75f18cad81ebcc36fa7c876965a75e32a@%3Cannounce.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a9f24571460af003071475b75f18cad81ebcc36fa7c876965a75e32a%40%3Cannounce.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:17Z/

url

https://lists.apache.org/thread.html/a9f24571460af003071475b75f18cad81ebcc36fa7c876965a75e32a%40%3Cannounce.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:17Z/

url

https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20180607-0001

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180607-0001

reference_url	https://svn.apache.org/viewvc?view=rev&rev=1765794
reference_id
reference_type
scores
url	https://svn.apache.org/viewvc?view=rev&rev=1765794

reference_url	https://svn.apache.org/viewvc?view=rev&rev=1765798
reference_id
reference_type
scores
url	https://svn.apache.org/viewvc?view=rev&rev=1765798

reference_url

https://web.archive.org/web/20180115024458/http://www.securitytracker.com/id/1037330

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20180115024458/http://www.securitytracker.com/id/1037330

reference_url

https://web.archive.org/web/20200227174145/http://www.securityfocus.com/bid/94462

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227174145/http://www.securityfocus.com/bid/94462

reference_url

http://www.securityfocus.com/bid/94462

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:17Z/

url

http://www.securityfocus.com/bid/94462

reference_url

http://www.securitytracker.com/id/1037330

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:17Z/

url

http://www.securitytracker.com/id/1037330

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1397474
reference_id	1397474
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1397474

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6817

reference_id

CVE-2016-6817

reference_type

scores

value	Important
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6817

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6817

reference_id

CVE-2016-6817

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6817

reference_url

https://github.com/advisories/GHSA-698c-2x4j-g9gq

reference_id

GHSA-698c-2x4j-g9gq

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-698c-2x4j-g9gq

Weaknesses

cwe_id	119
name	Improper Restriction of Operations within the Bounds of a Memory Buffer
description	The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

cwe_id	835
name	Loop with Unreachable Exit Condition ('Infinite Loop')
description	The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yxpq-rrry-j3h8

Vulnerability Instance