{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T12:09:33.014","vulnerabilities":[{"cve":{"id":"CVE-2016-6817","sourceIdentifier":"security@apache.org","published":"2017-08-10T22:29:00.233","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible."},{"lang":"es","value":"El parser de cabecera HTTP/2 en Apache Tomcat en sus versiones 9.0.0.M1 a 9.0.0.M11 y 8.5.0 a 8.5.6 entraba en un bucle infinito si la cabecera recibida era mayor que el búfer disponible. Esto hizo que fuese posible realizar un ataque de denegación de servicio."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*","matchCriteriaId":"69A7FC28-A0EC-4516-9776-700343D2F4DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:*","matchCriteriaId":"18814653-6D44-47D9-A2F5-89C5AFB255F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*","matchCriteriaId":"D4D811A9-4988-4C11-AA27-F5BE2B93D8D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:*","matchCriteriaId":"FAEF824D-7E95-4BC1-8DBB-787DCE595E21"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:*","matchCriteriaId":"97F4A2B3-DB1D-4D0B-B5FF-7EE2A0D291BB"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:8.5.5:*:*:*:*:*:*:*","matchCriteriaId":"0B461D5A-1208-498F-B551-46C6D514AC2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:8.5.6:*:*:*:*:*:*:*","matchCriteriaId":"598E5D91-0165-4D55-9EDD-EBB5AAAD1172"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*","matchCriteriaId":"9D0689FE-4BC0-4F53-8C79-34B21F9B86C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*","matchCriteriaId":"89B129B2-FB6F-4EF9-BF12-E589A87996CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*","matchCriteriaId":"8B6787B6-54A8-475E-BA1C-AB99334B2535"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*","matchCriteriaId":"9F542E12-6BA8-4504-A494-DA83E7E19BD5"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*","matchCriteriaId":"C0C5F004-F7D8-45DB-B173-351C50B0EC16"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*","matchCriteriaId":"D1902D2E-1896-4D3D-9E1C-3A675255072C"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*","matchCriteriaId":"49AAF4DF-F61D-47A8-8788-A21E317A145D"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*","matchCriteriaId":"454211D0-60A2-4661-AECA-4C0121413FEB"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*","matchCriteriaId":"0686F977-889F-4960-8E0B-7784B73A7F2D"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*","matchCriteriaId":"558703AE-DB5E-4DFF-B497-C36694DD7B24"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*","matchCriteriaId":"ED6273F2-1165-47A4-8DD7-9E9B2472941B"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94462","source":"security@apache.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037330","source":"security@apache.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/a9f24571460af003071475b75f18cad81ebcc36fa7c876965a75e32a%40%3Cannounce.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://security.netapp.com/advisory/ntap-20180607-0001/","source":"security@apache.org"},{"url":"http://www.securityfocus.com/bid/94462","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037330","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/a9f24571460af003071475b75f18cad81ebcc36fa7c876965a75e32a%40%3Cannounce.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20180607-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}