var-201708-0218
Vulnerability from variot
The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible. The Apache Software Foundation has released Apache Tomcat updates for the following vulnerabilities: HTTP response falsification (CVE-2016-6816); service operation interruption (DoS) (CVE-2016-6817); arbitrary code execution (CVE-2016-8735). The expected impact varies by vulnerability and may include information leakage, service operation interruption (DoS), or arbitrary code execution. This record tracks CVE-2016-6817, the HTTP/2 parser issue; the other two CVEs appear because the aggregated JVNDB advisory text covers all three, so the 6.0.x, 7.0.x and 8.0.x ranges listed under affected_products presumably relate to those other CVEs rather than to the HTTP/2 issue. Apache Tomcat is prone to a denial-of-service vulnerability. Attackers may leverage this issue to cause denial-of-service conditions. The following versions are affected: Apache Tomcat 9.0.0.M1 through 9.0.0.M11; Apache Tomcat 8.5.0 through 8.5.6.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0218",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "9.0.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.5.6"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.5.5"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.5.4"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.5.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.5.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.5.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.1"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "6.0.0 from 6.0.47"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "7.0.0 from 7.0.72"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "8.0.0.rc1 from 8.0.38"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "8.5.0 from 8.5.6"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "9.0.0.m1 from 9.0.0.m11"
},
{
"model": "mailshooter",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "simpwright",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v6"
},
{
"model": "simpwright",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v7"
},
{
"model": "spoolserver series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "reportfiling ver5.2 to 6.2"
},
{
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"model": "cosminexus application server version 5",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus component container",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus developer light version 6",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus developer professional version 6",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus developer standard version 6",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus developer version 5",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base version 5"
},
{
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base version 6"
},
{
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light version"
},
{
"model": "embedded cosminexus server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 5"
},
{
"model": "jp1/cm2/network node manager",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "jp1/network node manager",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(64)"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "-r"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "express"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard-r"
},
{
"model": "ucosminexus application server enterprise",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server smart edition",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server standard",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "01"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional for atm"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional for plug-in"
},
{
"model": "ucosminexus developer light",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus developer standard",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base"
},
{
"model": "ucosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base(64)"
},
{
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(64)"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- messaging"
},
{
"model": "programming environment for java",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.3"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.71"
},
{
"model": "tomcat 9.0.0m8",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0m6",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m9",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m7",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m5",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m4",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m3",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m2",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m11",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m10",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m1",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "8.5.8"
},
{
"model": "tomcat 9.0.0.m13",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "94462"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-611"
},
{
"db": "NVD",
"id": "CVE-2016-6817"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:tomcat",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:mailshooter",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:simpwright",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:spoolserver",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_standard",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_version_5",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_component_container",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_light_version_6",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_professional_version_6",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_standard_version_6",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_version_5",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_primary_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:embedded_cosminexus_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:jp1_cm2_network_node_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:jp1_network_node_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_standard",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_light",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_standard",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_architect",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_platform",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:programming_environment_for_java",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "94462"
}
],
"trust": 0.3
},
"cve": "CVE-2016-6817",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-6817",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-6817",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-6817",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-6817",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2016-6817",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-611",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-6817",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-6817"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-611"
},
{
"db": "NVD",
"id": "CVE-2016-6817"
},
{
"db": "NVD",
"id": "CVE-2016-6817"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible. The Apache Software Foundation has released Apache Tomcat updates for the following vulnerabilities: * HTTP response falsification (CVE-2016-6816) * Service operation interruption (DoS) (CVE-2016-6817) * Arbitrary code execution (CVE-2016-8735). The expected impact varies by vulnerability and may include information leakage, service operation interruption (DoS), or arbitrary code execution. Apache Tomcat is prone to a denial-of-service vulnerability. \nAttackers may leverage this issue to cause denial-of-service conditions. \nThe following versions are affected:\nApache Tomcat 9.0.0.M1 through 9.0.0.M11\nApache Tomcat 8.5.0 through 8.5.6",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6817"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "BID",
"id": "94462"
},
{
"db": "VULMON",
"id": "CVE-2016-6817"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-6817",
"trust": 2.8
},
{
"db": "BID",
"id": "94462",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1037330",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU92250735",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-611",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2016-6817",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-6817"
},
{
"db": "BID",
"id": "94462"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-611"
},
{
"db": "NVD",
"id": "CVE-2016-6817"
}
]
},
"id": "VAR-201708-0218",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.15072303
},
"last_update_date": "2024-11-23T20:53:15.475000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fixed in Apache Tomcat 8.0.39",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39"
},
{
"title": "Fixed in Apache Tomcat 7.0.73",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73"
},
{
"title": "Fixed in Apache Tomcat 6.0.48",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48"
},
{
"title": "Fixed in Apache Tomcat 9.0.0.M13",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13"
},
{
"title": "Fixed in Apache Tomcat 8.5.8",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8"
},
{
"title": "hitachi-sec-2017-107",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-107/index.html"
},
{
"title": "hitachi-sec-2019-107",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-107/index.html"
},
{
"title": "NV17-002",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv17-002.html"
},
{
"title": "hitachi-sec-2017-107",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-107/index.html"
},
{
"title": "hitachi-sec-2019-107",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2019-107/index.html"
},
{
"title": "Apache Tomcat Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66020"
},
{
"title": "Red Hat: CVE-2016-6817",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-6817"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a2bac27fb002bed513645d4775c7275b"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
},
{
"title": "rhsecapi",
"trust": 0.1,
"url": "https://github.com/RedHatOfficial/rhsecapi "
},
{
"title": "rhsecapi",
"trust": 0.1,
"url": "https://github.com/ryran/rhsecapi "
},
{
"title": "rhsecapi",
"trust": 0.1,
"url": "https://github.com/RedHatProductSecurity/cve-pylib "
},
{
"title": "A2:2017 Broken Authentication\nA5:2017 Broken Access Control\nA3:2017 Sensitive Data Exposure\nA6:2017 Security Misconfiguration\nA9:2017 Using Components with Known Vulnerabilities\nA10:2017 Insufficient Logging \u0026 Monitoring",
"trust": 0.1,
"url": "https://github.com/ilmari666/cybsec "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-6817"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-611"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.0
},
{
"problemtype": "CWE-835",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6817"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/94462"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1037330"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20180607-0001/"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/a9f24571460af003071475b75f18cad81ebcc36fa7c876965a75e32a%40%3cannounce.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6816"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6817"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8735"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92250735/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6816"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6817"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8735"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/a9f24571460af003071475b75f18cad81ebcc36fa7c876965a75e32a@%3cannounce.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.3,
"url": "http://tomcat.apache.org/"
},
{
"trust": 0.3,
"url": "http://tomcat.apache.org/security-8.html"
},
{
"trust": 0.3,
"url": "http://tomcat.apache.org/security-9.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"trust": 0.3,
"url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2017-3431551.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-6817"
},
{
"trust": 0.1,
"url": "https://github.com/redhatofficial/rhsecapi"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-6817"
},
{
"db": "BID",
"id": "94462"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-611"
},
{
"db": "NVD",
"id": "CVE-2016-6817"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2016-6817"
},
{
"db": "BID",
"id": "94462"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-611"
},
{
"db": "NVD",
"id": "CVE-2016-6817"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-10T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6817"
},
{
"date": "2016-11-22T00:00:00",
"db": "BID",
"id": "94462"
},
{
"date": "2017-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"date": "2016-11-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-611"
},
{
"date": "2017-08-10T22:29:00.233000",
"db": "NVD",
"id": "CVE-2016-6817"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-12-08T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6817"
},
{
"date": "2017-05-02T01:06:00",
"db": "BID",
"id": "94462"
},
{
"date": "2019-04-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"date": "2019-04-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-611"
},
{
"date": "2024-11-21T02:56:53.643000",
"db": "NVD",
"id": "CVE-2016-6817"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-611"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Tomcat Updates for multiple vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-611"
}
],
"trust": 0.6
}
}