[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2016-0417":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":18,"duplicates":19,"related":20,"reserved_at":9,"published_at":23,"modified_at":24,"state":9,"summary":25,"references_raw":27,"kevs":52,"epss":9,"epss_history":53,"metrics":54,"affected":55},"MGASA-2016-0417","Updated tomcat package fixes security vulnerabilities\n\nThe code that parsed the HTTP request line permitted invalid characters.\nThis could be exploited, in conjunction with a proxy that also\npermitted the invalid characters but with a different interpretation, to\ninject data into the HTTP response. By manipulating the HTTP response\nthe attacker could poison a web-cache, perform an XSS attack and/or\nobtain sensitive information from requests other than their own\n(CVE-2016-6816).\n\nThe JmxRemoteLifecycleListener was not updated to take account of\nOracle's fix for CVE-2016-3427. Therefore, Tomcat installations using\nthis listener remained vulnerable to a similar remote code execution\nvulnerability. 
This issue has been rated as important rather than\ncritical due to the small number of installations using this listener\nand that it would be highly unusual for the JMX ports to be accessible\nto an attacker even when the listener is used (CVE-2016-8735).\n",null,[],[],[],[14,16],{"_key":15},"CVE-2016-6816",{"_key":17},"CVE-2016-8735",[],[],[21,22],{"_key":15},{"_key":17},"2016-12-11T22:44:05Z","2026-04-16T06:23:40.619888866Z",{"cisa_kev":26,"cisa_ransomware":26,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[28,34,39,44,48],{"url":29,"sources":30,"tags":32},"https://advisories.mageia.org/MGASA-2016-0417.html",[31],"osv_mageia",[33],"Advisory",{"url":35,"sources":36,"tags":37},"https://bugs.mageia.org/show_bug.cgi?id=19828",[31],[38],"REPORT",{"url":40,"sources":41,"tags":42},"http://openwall.com/lists/oss-security/2016/11/22/16",[31],[38,43],"WEB",{"url":45,"sources":46,"tags":47},"http://openwall.com/lists/oss-security/2016/11/22/17",[31],[38,43],{"url":49,"sources":50,"tags":51},"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73",[31],[38,43],[],[],[],[56],{"ecosystem":57,"name":58,"vendor":59,"product":58,"cpe_part":9,"purl_type":60,"purl_namespace":59,"purl_name":58,"source":9,"versions":61},"Mageia","tomcat","mageia","rpm",[62],{"version":63,"is_range":64,"range_type":65,"version_start":9,"version_start_type":9,"version_end":66,"version_end_type":67,"fixed_in":9},"lt7_0_73_1_mga5",true,"ecosystem","7.0.73-1.mga5","excluding"]