Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-2mj1-8nz1-43cd

Summary

Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat
The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible.

Aliases

alias	CVE-2016-6817

alias	GHSA-698c-2x4j-g9gq

Fixed_packages

url pkg:apache/tomcat@8.5.8

purl pkg:apache/tomcat@8.5.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-xa95-zsnk-3kg9

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.5.8

url pkg:apache/tomcat@9.0.0%2BM13

purl pkg:apache/tomcat@9.0.0%2BM13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-xa95-zsnk-3kg9

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.0%252BM13

url	pkg:deb/debian/tomcat9@0?distro=trixie
purl	pkg:deb/debian/tomcat9@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@0%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.43-2~deb11u10?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.43-2~deb11u10?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u10%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.70-2?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.70-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.70-2%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.95-1?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.95-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.95-1%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.118-1?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.118-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.118-1%3Fdistro=trixie

url pkg:maven/org.apache.tomcat/tomcat@8.5.8

purl pkg:maven/org.apache.tomcat/tomcat@8.5.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1kgu-zupu-tydw

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-3nsr-9s9y-ckft

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-4nx6-t8vd-bqcu

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-59dd-qzpt-aucm

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-8xdc-3kn9-b3e6

vulnerability	VCID-ct4z-hxx3-53bw

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dast-z2hv-2yfe

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-dxkq-jhq6-qbad

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-g3vd-74yh-s7bn

vulnerability	VCID-gmjm-6ck2-skgu

vulnerability	VCID-hqzu-shyu-j3hp

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nndc-pabd-nbgf

vulnerability	VCID-nxb3-55eu-auhp

vulnerability	VCID-q7g1-m4e7-pya4

vulnerability	VCID-qth9-7326-hffp

vulnerability	VCID-rbvh-4npk-nub9

vulnerability	VCID-rk89-9dw5-w3gg

vulnerability	VCID-rtmv-qetu-yqfa

vulnerability	VCID-se44-f85s-xyex

vulnerability	VCID-u95s-xhwk-vka6

vulnerability	VCID-vu84-dfwa-z3dg

vulnerability	VCID-webw-gryb-7ucv

vulnerability	VCID-wmb3-3j7y-due7

vulnerability	VCID-wmrh-m1m3-uyav

vulnerability	VCID-wyf8-8szf-qbfn

vulnerability	VCID-xa95-zsnk-3kg9

vulnerability	VCID-xns8-63b5-guf2

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.8

url pkg:maven/org.apache.tomcat/tomcat@9.0.0.M13

purl pkg:maven/org.apache.tomcat/tomcat@9.0.0.M13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1kgu-zupu-tydw

vulnerability	VCID-3nsr-9s9y-ckft

vulnerability	VCID-4nx6-t8vd-bqcu

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-ct4z-hxx3-53bw

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dast-z2hv-2yfe

vulnerability	VCID-dxkq-jhq6-qbad

vulnerability	VCID-gmjm-6ck2-skgu

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-hqzu-shyu-j3hp

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nndc-pabd-nbgf

vulnerability	VCID-rbvh-4npk-nub9

vulnerability	VCID-rk89-9dw5-w3gg

vulnerability	VCID-se44-f85s-xyex

vulnerability	VCID-wyf8-8szf-qbfn

vulnerability	VCID-xa95-zsnk-3kg9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M13

Affected_packages

url pkg:apache/tomcat@8.5.0

purl pkg:apache/tomcat@8.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1kgu-zupu-tydw

vulnerability	VCID-2mj1-8nz1-43cd

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-3nsr-9s9y-ckft

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-4nx6-t8vd-bqcu

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-59dd-qzpt-aucm

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-6umz-z8db-kqcy

vulnerability	VCID-7fh9-36qs-jfg5

vulnerability	VCID-9e2b-7qtg-tbaj

vulnerability	VCID-9gz4-7etq-pyba

vulnerability	VCID-axzz-cadr-b7fv

vulnerability	VCID-ct4z-hxx3-53bw

vulnerability	VCID-dast-z2hv-2yfe

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-em96-kd99-3kf8

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-g3vd-74yh-s7bn

vulnerability	VCID-gmjm-6ck2-skgu

vulnerability	VCID-h6f2-qgnu-bqf4

vulnerability	VCID-hqzu-shyu-j3hp

vulnerability	VCID-j66a-6et3-mfha

vulnerability	VCID-jbh7-zmq6-bfgs

vulnerability	VCID-jhm9-cqu3-7yce

vulnerability	VCID-jsyt-cmxf-gbh3

vulnerability	VCID-jzta-navk-87bn

vulnerability	VCID-m1k8-9pwc-1qb9

vulnerability	VCID-m7ja-6efp-tyh1

vulnerability	VCID-nxb3-55eu-auhp

vulnerability	VCID-paqj-ye46-8bdb

vulnerability	VCID-q7g1-m4e7-pya4

vulnerability	VCID-qth9-7326-hffp

vulnerability	VCID-qthw-u9bp-zkdp

vulnerability	VCID-rbvh-4npk-nub9

vulnerability	VCID-rhtz-91ke-kfbj

vulnerability	VCID-rk89-9dw5-w3gg

vulnerability	VCID-rtmv-qetu-yqfa

vulnerability	VCID-s37s-p75k-27e6

vulnerability	VCID-se44-f85s-xyex

vulnerability	VCID-tcmv-6ftg-fqen

vulnerability	VCID-u95s-xhwk-vka6

vulnerability	VCID-urhs-6aus-syb1

vulnerability	VCID-uuya-uqgv-kyfb

vulnerability	VCID-vu84-dfwa-z3dg

vulnerability	VCID-webw-gryb-7ucv

vulnerability	VCID-wmb3-3j7y-due7

vulnerability	VCID-wmrh-m1m3-uyav

vulnerability	VCID-xa95-zsnk-3kg9

vulnerability	VCID-xns8-63b5-guf2

vulnerability	VCID-y4a2-mamb-yqg6

vulnerability	VCID-y9hs-ymcm-3ucx

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.5.0

url pkg:apache/tomcat@8.5.6

purl pkg:apache/tomcat@8.5.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2mj1-8nz1-43cd

vulnerability	VCID-6umz-z8db-kqcy

vulnerability	VCID-y9hs-ymcm-3ucx

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.5.6

url pkg:apache/tomcat@9.0.0%2BM1

purl pkg:apache/tomcat@9.0.0%2BM1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18rb-u2tu-affk

vulnerability	VCID-1kgu-zupu-tydw

vulnerability	VCID-2mj1-8nz1-43cd

vulnerability	VCID-3nsr-9s9y-ckft

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-4nx6-t8vd-bqcu

vulnerability	VCID-4uag-c2s8-ubcd

vulnerability	VCID-59dd-qzpt-aucm

vulnerability	VCID-5ebw-zerz-u7bh

vulnerability	VCID-5m85-3zyu-7qak

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-5ztb-ns6b-fuf9

vulnerability	VCID-6kdt-2q2t-aqgy

vulnerability	VCID-6umz-z8db-kqcy

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-7fh9-36qs-jfg5

vulnerability	VCID-84a8-y1hg-vuep

vulnerability	VCID-9e2b-7qtg-tbaj

vulnerability	VCID-9gz4-7etq-pyba

vulnerability	VCID-ac8p-uerd-ubfj

vulnerability	VCID-axzz-cadr-b7fv

vulnerability	VCID-bxwn-g8gu-kkbn

vulnerability	VCID-ct4z-hxx3-53bw

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-dast-z2hv-2yfe

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-e2gy-1c6a-6fdf

vulnerability	VCID-em96-kd99-3kf8

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-fukm-h3r6-s7cr

vulnerability	VCID-g3vd-74yh-s7bn

vulnerability	VCID-gmjm-6ck2-skgu

vulnerability	VCID-gqtv-jvn4-eqe5

vulnerability	VCID-hf8e-m14m-mbcx

vulnerability	VCID-hqzu-shyu-j3hp

vulnerability	VCID-hy8s-ks53-u3aq

vulnerability	VCID-j1m6-79yt-f7h5

vulnerability	VCID-j7w8-ean1-33b8

vulnerability	VCID-jbh7-zmq6-bfgs

vulnerability	VCID-jhm9-cqu3-7yce

vulnerability	VCID-jzta-navk-87bn

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-m7ja-6efp-tyh1

vulnerability	VCID-n4zk-mdyw-3fcz

vulnerability	VCID-nxb3-55eu-auhp

vulnerability	VCID-pmav-cxu6-1ua9

vulnerability	VCID-q7g1-m4e7-pya4

vulnerability	VCID-qjqr-axrq-xkcf

vulnerability	VCID-qth9-7326-hffp

vulnerability	VCID-qthw-u9bp-zkdp

vulnerability	VCID-rbvh-4npk-nub9

vulnerability	VCID-rhtz-91ke-kfbj

vulnerability	VCID-rk89-9dw5-w3gg

vulnerability	VCID-rtmv-qetu-yqfa

vulnerability	VCID-s37s-p75k-27e6

vulnerability	VCID-s5kh-nebr-tba9

vulnerability	VCID-se44-f85s-xyex

vulnerability	VCID-tcmv-6ftg-fqen

vulnerability	VCID-u95s-xhwk-vka6

vulnerability	VCID-ud36-sb2d-8ych

vulnerability	VCID-ujxe-ggfj-k3bh

vulnerability	VCID-vhbh-3a89-x7cw

vulnerability	VCID-vu84-dfwa-z3dg

vulnerability	VCID-w9nk-wv5n-2kg9

vulnerability	VCID-webw-gryb-7ucv

vulnerability	VCID-wmb3-3j7y-due7

vulnerability	VCID-xa95-zsnk-3kg9

vulnerability	VCID-xns8-63b5-guf2

vulnerability	VCID-xra9-q91u-rfd5

vulnerability	VCID-xtdv-ygus-xuds

vulnerability	VCID-y9hs-ymcm-3ucx

vulnerability	VCID-z4zd-puyg-g3bz

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.0%252BM1

url pkg:apache/tomcat@9.0.0%2BM11

purl pkg:apache/tomcat@9.0.0%2BM11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2mj1-8nz1-43cd

vulnerability	VCID-6umz-z8db-kqcy

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-nndc-pabd-nbgf

vulnerability	VCID-y9hs-ymcm-3ucx

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.0%252BM11

url pkg:maven/org.apache.tomcat/tomcat@8.5.0

purl pkg:maven/org.apache.tomcat/tomcat@8.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1kgu-zupu-tydw

vulnerability	VCID-2mj1-8nz1-43cd

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-3nsr-9s9y-ckft

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-4nx6-t8vd-bqcu

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-59dd-qzpt-aucm

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-6umz-z8db-kqcy

vulnerability	VCID-7fh9-36qs-jfg5

vulnerability	VCID-9e2b-7qtg-tbaj

vulnerability	VCID-9gz4-7etq-pyba

vulnerability	VCID-axzz-cadr-b7fv

vulnerability	VCID-ct4z-hxx3-53bw

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-dast-z2hv-2yfe

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-em96-kd99-3kf8

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-g3vd-74yh-s7bn

vulnerability	VCID-gmjm-6ck2-skgu

vulnerability	VCID-h6f2-qgnu-bqf4

vulnerability	VCID-hqzu-shyu-j3hp

vulnerability	VCID-j66a-6et3-mfha

vulnerability	VCID-jbh7-zmq6-bfgs

vulnerability	VCID-jhm9-cqu3-7yce

vulnerability	VCID-jsyt-cmxf-gbh3

vulnerability	VCID-jzta-navk-87bn

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-m1k8-9pwc-1qb9

vulnerability	VCID-m7ja-6efp-tyh1

vulnerability	VCID-nxb3-55eu-auhp

vulnerability	VCID-paqj-ye46-8bdb

vulnerability	VCID-q7g1-m4e7-pya4

vulnerability	VCID-qth9-7326-hffp

vulnerability	VCID-qthw-u9bp-zkdp

vulnerability	VCID-rbvh-4npk-nub9

vulnerability	VCID-rhtz-91ke-kfbj

vulnerability	VCID-rk89-9dw5-w3gg

vulnerability	VCID-rtmv-qetu-yqfa

vulnerability	VCID-s37s-p75k-27e6

vulnerability	VCID-se44-f85s-xyex

vulnerability	VCID-tcmv-6ftg-fqen

vulnerability	VCID-u95s-xhwk-vka6

vulnerability	VCID-urhs-6aus-syb1

vulnerability	VCID-uuya-uqgv-kyfb

vulnerability	VCID-vu84-dfwa-z3dg

vulnerability	VCID-webw-gryb-7ucv

vulnerability	VCID-wmb3-3j7y-due7

vulnerability	VCID-wmrh-m1m3-uyav

vulnerability	VCID-xa95-zsnk-3kg9

vulnerability	VCID-xns8-63b5-guf2

vulnerability	VCID-y4a2-mamb-yqg6

vulnerability	VCID-y9hs-ymcm-3ucx

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.0

url pkg:maven/org.apache.tomcat/tomcat@8.5.6

purl pkg:maven/org.apache.tomcat/tomcat@8.5.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1kgu-zupu-tydw

vulnerability	VCID-2mj1-8nz1-43cd

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-3nsr-9s9y-ckft

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-4nx6-t8vd-bqcu

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-59dd-qzpt-aucm

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-6umz-z8db-kqcy

vulnerability	VCID-8xdc-3kn9-b3e6

vulnerability	VCID-ct4z-hxx3-53bw

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dast-z2hv-2yfe

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-dxkq-jhq6-qbad

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-g3vd-74yh-s7bn

vulnerability	VCID-gmjm-6ck2-skgu

vulnerability	VCID-hqzu-shyu-j3hp

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nxb3-55eu-auhp

vulnerability	VCID-q7g1-m4e7-pya4

vulnerability	VCID-qth9-7326-hffp

vulnerability	VCID-rbvh-4npk-nub9

vulnerability	VCID-rk89-9dw5-w3gg

vulnerability	VCID-rtmv-qetu-yqfa

vulnerability	VCID-se44-f85s-xyex

vulnerability	VCID-u95s-xhwk-vka6

vulnerability	VCID-vu84-dfwa-z3dg

vulnerability	VCID-webw-gryb-7ucv

vulnerability	VCID-wmb3-3j7y-due7

vulnerability	VCID-wmrh-m1m3-uyav

vulnerability	VCID-xns8-63b5-guf2

vulnerability	VCID-y9hs-ymcm-3ucx

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.6

url pkg:maven/org.apache.tomcat/tomcat@9.0.0.M1

purl pkg:maven/org.apache.tomcat/tomcat@9.0.0.M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18rb-u2tu-affk

vulnerability	VCID-1kgu-zupu-tydw

vulnerability	VCID-2mj1-8nz1-43cd

vulnerability	VCID-3nsr-9s9y-ckft

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-4nx6-t8vd-bqcu

vulnerability	VCID-4uag-c2s8-ubcd

vulnerability	VCID-59dd-qzpt-aucm

vulnerability	VCID-5ebw-zerz-u7bh

vulnerability	VCID-5m85-3zyu-7qak

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-5ztb-ns6b-fuf9

vulnerability	VCID-6kdt-2q2t-aqgy

vulnerability	VCID-6umz-z8db-kqcy

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-7fh9-36qs-jfg5

vulnerability	VCID-84a8-y1hg-vuep

vulnerability	VCID-9e2b-7qtg-tbaj

vulnerability	VCID-9gz4-7etq-pyba

vulnerability	VCID-ac8p-uerd-ubfj

vulnerability	VCID-axzz-cadr-b7fv

vulnerability	VCID-bxwn-g8gu-kkbn

vulnerability	VCID-ct4z-hxx3-53bw

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dast-z2hv-2yfe

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-dxkq-jhq6-qbad

vulnerability	VCID-e2gy-1c6a-6fdf

vulnerability	VCID-em96-kd99-3kf8

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-fukm-h3r6-s7cr

vulnerability	VCID-g3vd-74yh-s7bn

vulnerability	VCID-gmjm-6ck2-skgu

vulnerability	VCID-gqtv-jvn4-eqe5

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-hf8e-m14m-mbcx

vulnerability	VCID-hqzu-shyu-j3hp

vulnerability	VCID-hy8s-ks53-u3aq

vulnerability	VCID-j1m6-79yt-f7h5

vulnerability	VCID-j7w8-ean1-33b8

vulnerability	VCID-jbh7-zmq6-bfgs

vulnerability	VCID-jhm9-cqu3-7yce

vulnerability	VCID-jzta-navk-87bn

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-m7ja-6efp-tyh1

vulnerability	VCID-n4zk-mdyw-3fcz

vulnerability	VCID-nxb3-55eu-auhp

vulnerability	VCID-pmav-cxu6-1ua9

vulnerability	VCID-q7g1-m4e7-pya4

vulnerability	VCID-qjqr-axrq-xkcf

vulnerability	VCID-qth9-7326-hffp

vulnerability	VCID-qthw-u9bp-zkdp

vulnerability	VCID-rbvh-4npk-nub9

vulnerability	VCID-rhtz-91ke-kfbj

vulnerability	VCID-rk89-9dw5-w3gg

vulnerability	VCID-rtmv-qetu-yqfa

vulnerability	VCID-s37s-p75k-27e6

vulnerability	VCID-s5kh-nebr-tba9

vulnerability	VCID-se44-f85s-xyex

vulnerability	VCID-tcmv-6ftg-fqen

vulnerability	VCID-u95s-xhwk-vka6

vulnerability	VCID-ud36-sb2d-8ych

vulnerability	VCID-ujxe-ggfj-k3bh

vulnerability	VCID-vhbh-3a89-x7cw

vulnerability	VCID-vu84-dfwa-z3dg

vulnerability	VCID-w9nk-wv5n-2kg9

vulnerability	VCID-webw-gryb-7ucv

vulnerability	VCID-wmb3-3j7y-due7

vulnerability	VCID-wyf8-8szf-qbfn

vulnerability	VCID-xa95-zsnk-3kg9

vulnerability	VCID-xns8-63b5-guf2

vulnerability	VCID-xra9-q91u-rfd5

vulnerability	VCID-xtdv-ygus-xuds

vulnerability	VCID-y9hs-ymcm-3ucx

vulnerability	VCID-z4zd-puyg-g3bz

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M1

url pkg:maven/org.apache.tomcat/tomcat@9.0.0.M11

purl pkg:maven/org.apache.tomcat/tomcat@9.0.0.M11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1kgu-zupu-tydw

vulnerability	VCID-2mj1-8nz1-43cd

vulnerability	VCID-3nsr-9s9y-ckft

vulnerability	VCID-4nx6-t8vd-bqcu

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-6umz-z8db-kqcy

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-ct4z-hxx3-53bw

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-dast-z2hv-2yfe

vulnerability	VCID-dxkq-jhq6-qbad

vulnerability	VCID-gmjm-6ck2-skgu

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-hqzu-shyu-j3hp

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nndc-pabd-nbgf

vulnerability	VCID-rbvh-4npk-nub9

vulnerability	VCID-rk89-9dw5-w3gg

vulnerability	VCID-se44-f85s-xyex

vulnerability	VCID-wyf8-8szf-qbfn

vulnerability	VCID-y9hs-ymcm-3ucx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M11

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6817.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6817.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6817

reference_id

reference_type

scores

value	0.00759
scoring_system	epss
scoring_elements	0.73716
published_at	2026-06-05T12:55:00Z

value	0.00759
scoring_system	epss
scoring_elements	0.73679
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6817

reference_url

https://github.com/apache/tomcat

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat

reference_url	https://github.com/apache/tomcat85/commit/85c63227edabbfb4f2f500fc557480a190135d21
reference_id
reference_type
scores
url	https://github.com/apache/tomcat85/commit/85c63227edabbfb4f2f500fc557480a190135d21

reference_url

https://github.com/apache/tomcat/commit/079372fc7bac8e2e378942715c9ce26a4a72c07a

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/079372fc7bac8e2e378942715c9ce26a4a72c07a

reference_url

https://github.com/apache/tomcat/commit/85c63227edabbfb4f2f500fc557480a190135d21

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/85c63227edabbfb4f2f500fc557480a190135d21

reference_url

https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:17Z/

url

https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:17Z/

url

https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:17Z/

url

https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a9f24571460af003071475b75f18cad81ebcc36fa7c876965a75e32a@%3Cannounce.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a9f24571460af003071475b75f18cad81ebcc36fa7c876965a75e32a@%3Cannounce.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a9f24571460af003071475b75f18cad81ebcc36fa7c876965a75e32a%40%3Cannounce.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:17Z/

url

https://lists.apache.org/thread.html/a9f24571460af003071475b75f18cad81ebcc36fa7c876965a75e32a%40%3Cannounce.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:17Z/

url

https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20180607-0001

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180607-0001

reference_url	https://svn.apache.org/viewvc?view=rev&rev=1765794
reference_id
reference_type
scores
url	https://svn.apache.org/viewvc?view=rev&rev=1765794

reference_url	https://svn.apache.org/viewvc?view=rev&rev=1765798
reference_id
reference_type
scores
url	https://svn.apache.org/viewvc?view=rev&rev=1765798

reference_url

https://web.archive.org/web/20180115024458/http://www.securitytracker.com/id/1037330

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20180115024458/http://www.securitytracker.com/id/1037330

reference_url

https://web.archive.org/web/20200227174145/http://www.securityfocus.com/bid/94462

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227174145/http://www.securityfocus.com/bid/94462

reference_url

http://www.securityfocus.com/bid/94462

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:17Z/

url

http://www.securityfocus.com/bid/94462

reference_url

http://www.securitytracker.com/id/1037330

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:17Z/

url

http://www.securitytracker.com/id/1037330

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1397474
reference_id	1397474
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1397474

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6817

reference_id

CVE-2016-6817

reference_type

scores

value	Important
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6817

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6817

reference_id

CVE-2016-6817

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6817

reference_url	https://github.com/advisories/GHSA-698c-2x4j-g9gq
reference_id	GHSA-698c-2x4j-g9gq
reference_type
scores
url	https://github.com/advisories/GHSA-698c-2x4j-g9gq

Weaknesses

cwe_id	119
name	Improper Restriction of Operations within the Bounds of a Memory Buffer
description	The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

cwe_id	835
name	Loop with Unreachable Exit Condition ('Infinite Loop')
description	The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2mj1-8nz1-43cd

Vulnerability Instance