Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-ce78-p29q-4khb

Summary security update

Aliases

alias	CVE-2016-9774

Fixed_packages

url	pkg:deb/debian/tomcat7@7.0.56-3%2Bdeb8u11
purl	pkg:deb/debian/tomcat7@7.0.56-3%2Bdeb8u11
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat7@7.0.56-3%252Bdeb8u11

url pkg:deb/debian/tomcat8@8.0.14-1%2Bdeb8u11

purl pkg:deb/debian/tomcat8@8.0.14-1%2Bdeb8u11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2sbh-sy57-3uez

vulnerability	VCID-aeeu-fpay-wufz

vulnerability	VCID-arkn-bca7-hqam

vulnerability	VCID-dzpn-w4b3-vbcm

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-enaj-f97c-jbh7

vulnerability	VCID-f77q-v5xp-e7dy

vulnerability	VCID-fyfz-6tr5-2fc7

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-m2zn-ja8d-7kg8

vulnerability	VCID-n3zn-tuck-gkfe

vulnerability	VCID-rq42-qvsy-hue6

vulnerability	VCID-ruuh-g3fa-m7d8

vulnerability	VCID-wbaq-j85q-y3c6

vulnerability	VCID-xshb-a2kb-c7gs

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat8@8.0.14-1%252Bdeb8u11

Affected_packages

url pkg:deb/debian/tomcat7@7.0.28-4%2Bdeb7u4

purl pkg:deb/debian/tomcat7@7.0.28-4%2Bdeb7u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-1k8f-vsg1-k3d6

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-68fk-4g86-ekbp

vulnerability	VCID-7cpu-h5fr-8ffd

vulnerability	VCID-866s-u6mh-1qh2

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-9exq-fhv6-bbea

vulnerability	VCID-bk88-51w4-mfcn

vulnerability	VCID-ce78-p29q-4khb

vulnerability	VCID-fyfz-6tr5-2fc7

vulnerability	VCID-g45v-nvj6-ekat

vulnerability	VCID-hmbm-5ysw-77bu

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-kyb8-rvyw-s7b1

vulnerability	VCID-m1zd-uytj-3bej

vulnerability	VCID-p6ch-pc73-b3ck

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-qrpd-nsdz-3ba5

vulnerability	VCID-tfrs-d458-tfaq

vulnerability	VCID-vhjj-dnft-kkf4

vulnerability	VCID-xf8r-kqxb-7qdy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat7@7.0.28-4%252Bdeb7u4

url pkg:deb/debian/tomcat7@7.0.56-1~bpo70%2B3

purl pkg:deb/debian/tomcat7@7.0.56-1~bpo70%2B3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-1k8f-vsg1-k3d6

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-68fk-4g86-ekbp

vulnerability	VCID-7cpu-h5fr-8ffd

vulnerability	VCID-866s-u6mh-1qh2

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-9exq-fhv6-bbea

vulnerability	VCID-bk88-51w4-mfcn

vulnerability	VCID-ce78-p29q-4khb

vulnerability	VCID-fyfz-6tr5-2fc7

vulnerability	VCID-g45v-nvj6-ekat

vulnerability	VCID-hmbm-5ysw-77bu

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-kyb8-rvyw-s7b1

vulnerability	VCID-m1zd-uytj-3bej

vulnerability	VCID-p6ch-pc73-b3ck

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-qrpd-nsdz-3ba5

vulnerability	VCID-tfrs-d458-tfaq

vulnerability	VCID-vhjj-dnft-kkf4

vulnerability	VCID-xf8r-kqxb-7qdy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat7@7.0.56-1~bpo70%252B3

url pkg:deb/debian/tomcat7@7.0.56-3

purl pkg:deb/debian/tomcat7@7.0.56-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-1k8f-vsg1-k3d6

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-68fk-4g86-ekbp

vulnerability	VCID-7cpu-h5fr-8ffd

vulnerability	VCID-866s-u6mh-1qh2

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-9exq-fhv6-bbea

vulnerability	VCID-bk88-51w4-mfcn

vulnerability	VCID-ce78-p29q-4khb

vulnerability	VCID-fyfz-6tr5-2fc7

vulnerability	VCID-g45v-nvj6-ekat

vulnerability	VCID-hmbm-5ysw-77bu

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-kyb8-rvyw-s7b1

vulnerability	VCID-m1zd-uytj-3bej

vulnerability	VCID-p6ch-pc73-b3ck

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-qrpd-nsdz-3ba5

vulnerability	VCID-tfrs-d458-tfaq

vulnerability	VCID-vhjj-dnft-kkf4

vulnerability	VCID-xf8r-kqxb-7qdy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat7@7.0.56-3

url pkg:deb/debian/tomcat8@8.0.14-1~bpo70%2B2

purl pkg:deb/debian/tomcat8@8.0.14-1~bpo70%2B2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-1k8f-vsg1-k3d6

vulnerability	VCID-2sbh-sy57-3uez

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-68fk-4g86-ekbp

vulnerability	VCID-7cpu-h5fr-8ffd

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-9exq-fhv6-bbea

vulnerability	VCID-aeeu-fpay-wufz

vulnerability	VCID-arkn-bca7-hqam

vulnerability	VCID-bk88-51w4-mfcn

vulnerability	VCID-ce78-p29q-4khb

vulnerability	VCID-dzpn-w4b3-vbcm

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-enaj-f97c-jbh7

vulnerability	VCID-f77q-v5xp-e7dy

vulnerability	VCID-fyfz-6tr5-2fc7

vulnerability	VCID-g45v-nvj6-ekat

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-hmbm-5ysw-77bu

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-kp65-9ap8-yuau

vulnerability	VCID-kyb8-rvyw-s7b1

vulnerability	VCID-m1zd-uytj-3bej

vulnerability	VCID-m2zn-ja8d-7kg8

vulnerability	VCID-n3zn-tuck-gkfe

vulnerability	VCID-p6ch-pc73-b3ck

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-qrpd-nsdz-3ba5

vulnerability	VCID-rq42-qvsy-hue6

vulnerability	VCID-ruuh-g3fa-m7d8

vulnerability	VCID-tfrs-d458-tfaq

vulnerability	VCID-vhjj-dnft-kkf4

vulnerability	VCID-wbaq-j85q-y3c6

vulnerability	VCID-xf8r-kqxb-7qdy

vulnerability	VCID-xshb-a2kb-c7gs

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat8@8.0.14-1~bpo70%252B2

url pkg:deb/debian/tomcat8@8.0.14-1

purl pkg:deb/debian/tomcat8@8.0.14-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-1k8f-vsg1-k3d6

vulnerability	VCID-2sbh-sy57-3uez

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-68fk-4g86-ekbp

vulnerability	VCID-7cpu-h5fr-8ffd

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-9exq-fhv6-bbea

vulnerability	VCID-aeeu-fpay-wufz

vulnerability	VCID-arkn-bca7-hqam

vulnerability	VCID-bk88-51w4-mfcn

vulnerability	VCID-ce78-p29q-4khb

vulnerability	VCID-dzpn-w4b3-vbcm

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-enaj-f97c-jbh7

vulnerability	VCID-f77q-v5xp-e7dy

vulnerability	VCID-fyfz-6tr5-2fc7

vulnerability	VCID-g45v-nvj6-ekat

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-hmbm-5ysw-77bu

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-kp65-9ap8-yuau

vulnerability	VCID-kyb8-rvyw-s7b1

vulnerability	VCID-m1zd-uytj-3bej

vulnerability	VCID-m2zn-ja8d-7kg8

vulnerability	VCID-n3zn-tuck-gkfe

vulnerability	VCID-p6ch-pc73-b3ck

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-qrpd-nsdz-3ba5

vulnerability	VCID-rq42-qvsy-hue6

vulnerability	VCID-ruuh-g3fa-m7d8

vulnerability	VCID-tfrs-d458-tfaq

vulnerability	VCID-vhjj-dnft-kkf4

vulnerability	VCID-wbaq-j85q-y3c6

vulnerability	VCID-xf8r-kqxb-7qdy

vulnerability	VCID-xshb-a2kb-c7gs

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat8@8.0.14-1

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9774

reference_id

reference_type

scores

value	0.0007
scoring_system	epss
scoring_elements	0.21588
published_at	2026-04-16T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21591
published_at	2026-04-13T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21565
published_at	2026-04-01T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21735
published_at	2026-04-02T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.2179
published_at	2026-04-04T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21541
published_at	2026-04-07T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21617
published_at	2026-04-08T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21675
published_at	2026-04-09T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21687
published_at	2026-04-11T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21648
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9774

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845393
reference_id
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845393

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9774
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9774

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9775
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9775

reference_url	https://security.netapp.com/advisory/ntap-20180731-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180731-0002/

reference_url	http://www.debian.org/security/2016/dsa-3738
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3738

reference_url	http://www.debian.org/security/2016/dsa-3739
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3739

reference_url	http://www.openwall.com/lists/oss-security/2016/12/02/10
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2016/12/02/10

reference_url	http://www.openwall.com/lists/oss-security/2016/12/02/5
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2016/12/02/5

reference_url	http://www.securityfocus.com/bid/94643
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94643

reference_url	http://www.ubuntu.com/usn/USN-3177-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-3177-1

reference_url	http://www.ubuntu.com/usn/USN-3177-2
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-3177-2

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0:::::::*
reference_id	cpe:2.3:a:apache:tomcat:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0:::::::*
reference_id	cpe:2.3:a:apache:tomcat:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:8.0:::::::*
reference_id	cpe:2.3:a:apache:tomcat:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9774

reference_id

CVE-2016-9774

reference_type

scores

value	7.2
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:C/I:C/A:C

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9774

reference_url	https://usn.ubuntu.com/3177-1/
reference_id	USN-3177-1
reference_type
scores
url	https://usn.ubuntu.com/3177-1/

Weaknesses

cwe_id	59
name	Improper Link Resolution Before File Access ('Link Following')
description	The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Exploits

Severity_range_score 7.2 - 7.8

Exploitability 0.5

Weighted_severity 7.0

Risk_score 3.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ce78-p29q-4khb

Vulnerability Instance