{"url":"http://public2.vulnerablecode.io/api/packages/578917?format=json","purl":"pkg:maven/org.apache.jackrabbit/jackrabbit-parent@2.4.3","type":"maven","namespace":"org.apache.jackrabbit","name":"jackrabbit-parent","version":"2.4.3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.6","latest_non_vulnerable_version":"2.13.3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74250?format=json","vulnerability_id":"VCID-qq1w-n334-tydb","summary":"Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authentication of unspecified victims for requests that create a resource via an HTTP POST request with a (1) missing or (2) crafted Content-Type header.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6801","reference_id":"","reference_type":"","scores":[{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58422","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58471","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58455","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58477","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58468","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58469","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6801"},{"reference_url":"https://github.com/apache/jackrabbit","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/jackrabbit"},{"reference_url":"https://github.com/apache/jackrabbit/commit/09393f93862923e4c8a2f8c7d1236e1a5d3373b5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/jackrabbit/commit/09393f93862923e4c8a2f8c7d1236e1a5d3373b5"},{"reference_url":"https://github.com/apache/jackrabbit/commit/16f2f02fcaef6202a2bf24c449d4fd10eb98f08d","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/jackrabbit/commit/16f2f02fcaef6202a2bf24c449d4fd10eb98f08d"},{"reference_url":"https://github.com/apache/jackrabbit/commit/283df6f101676579086400e30e8dd42eacd5ef33","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/jackrabbit/commit/283df6f101676579086400e30e8dd42eacd5ef33"},{"reference_url":"https://github.com/apache/jackrabbit/commit/30318d5aef7bf494e579a86f45c79b18b204a997","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/jackrabbit/commit/30318d5aef7bf494e579a86f45c79b18b204a997"},{"reference_url":"https://github.com/apache/jackrabbit/commit/43accb855897b0d82393d47420e25a1e4a569211","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/jackrabbit/commit/43accb855897b0d82393d47420e25a1e4a569211"},{"reference_url":"https://github.com/apache/jackrabbit/commit/4908cb64317122cdd3e096ebe8c32bd98d2ed8b7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/jackrabbit/commit/4908cb64317122cdd3e096ebe8c32bd98d2ed8b7"},{"reference_url":"https://github.com/apache/jackrabbit/commit/884ede7db1c6ca490fcbb8238762b000a25f82c3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/jackrabbit/commit/884ede7db1c6ca490fcbb8238762b000a25f82c3"},{"reference_url":"https://github.com/apache/jackrabbit/commit/8dde23b63151417769eaca112fbbae9a52c47ff3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/jackrabbit/commit/8dde23b63151417769eaca112fbbae9a52c47ff3"},{"reference_url":"https://github.com/apache/jackrabbit/commit/987168c04327fd4fbbb4fb9d13ae92d5ca888386","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/jackrabbit/commit/987168c04327fd4fbbb4fb9d13ae92d5ca888386"},{"reference_url":"https://github.com/apache/jackrabbit/commit/cab86cdfb7829b66c89196dfb6095f0faa5aa3c3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/jackrabbit/commit/cab86cdfb7829b66c89196dfb6095f0faa5aa3c3"},{"reference_url":"https://github.com/apache/jackrabbit/commit/d6e86e4350989af3eb3eb0429d6e4d4d6bd40e5c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/jackrabbit/commit/d6e86e4350989af3eb3eb0429d6e4d4d6bd40e5c"},{"reference_url":"https://github.com/apache/jackrabbit/commit/db26ade17d791bbb4e4771ed9650ec1159a541ff","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/jackrabbit/commit/db26ade17d791bbb4e4771ed9650ec1159a541ff"},{"reference_url":"https://github.com/apache/jackrabbit/commit/ea75d7c2aeaafecd9ab97736bf81c5616f703244","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/jackrabbit/commit/ea75d7c2aeaafecd9ab97736bf81c5616f703244"},{"reference_url":"https://github.com/apache/jackrabbit/commit/eae001a54aae9c243ac06b5c8f711b2cb2038700","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/jackrabbit/commit/eae001a54aae9c243ac06b5c8f711b2cb2038700"},{"reference_url":"https://github.com/apache/jackrabbit/commit/f05620fb3f4c72429c9856ab7f63a9ac8ca90acf","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/jackrabbit/commit/f05620fb3f4c72429c9856ab7f63a9ac8ca90acf"},{"reference_url":"https://github.com/apache/jackrabbit/commit/f0bd17956647cf09cc898d30e7d58221ef409bca","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/jackrabbit/commit/f0bd17956647cf09cc898d30e7d58221ef409bca"},{"reference_url":"https://issues.apache.org/jira/browse/JCR-4009","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/JCR-4009"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6801","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6801"},{"reference_url":"https://web.archive.org/web/20210123170657/http://www.securityfocus.com/bid/92966","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123170657/http://www.securityfocus.com/bid/92966"},{"reference_url":"http://www.debian.org/security/2016/dsa-3679","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3679"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/09/14/6","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/09/14/6"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838204","reference_id":"838204","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838204"},{"reference_url":"https://github.com/advisories/GHSA-9fc7-rhq3-wm7x","reference_id":"GHSA-9fc7-rhq3-wm7x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9fc7-rhq3-wm7x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/502995?format=json","purl":"pkg:maven/org.apache.jackrabbit/jackrabbit-parent@2.4.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-parent@2.4.6"},{"url":"http://public2.vulnerablecode.io/api/packages/502996?format=json","purl":"pkg:maven/org.apache.jackrabbit/jackrabbit-parent@2.6.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-parent@2.6.6"},{"url":"http://public2.vulnerablecode.io/api/packages/578926?format=json","purl":"pkg:maven/org.apache.jackrabbit/jackrabbit-parent@2.6.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-parent@2.6.7"},{"url":"http://public2.vulnerablecode.io/api/packages/502997?format=json","purl":"pkg:maven/org.apache.jackrabbit/jackrabbit-parent@2.8.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-parent@2.8.3"},{"url":"http://public2.vulnerablecode.io/api/packages/578934?format=json","purl":"pkg:maven/org.apache.jackrabbit/jackrabbit-parent@2.10.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-parent@2.10.4"},{"url":"http://public2.vulnerablecode.io/api/packages/502998?format=json","purl":"pkg:maven/org.apache.jackrabbit/jackrabbit-parent@2.12.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-parent@2.12.4"},{"url":"http://public2.vulnerablecode.io/api/packages/502999?format=json","purl":"pkg:maven/org.apache.jackrabbit/jackrabbit-parent@2.13.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-parent@2.13.3"}],"aliases":["CVE-2016-6801","GHSA-9fc7-rhq3-wm7x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qq1w-n334-tydb"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-parent@2.4.3"}