[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-USN-3177-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":58,"duplicates":59,"related":60,"reserved_at":9,"published_at":72,"modified_at":73,"state":9,"summary":74,"references_raw":76,"kevs":128,"epss":9,"epss_history":129,"metrics":130,"affected":131},"USN-3177-1","tomcat6, tomcat7, tomcat8 vulnerabilities\n\nIt was discovered that the Tomcat realm implementations incorrectly handled\npasswords when a username didn't exist. A remote attacker could possibly\nuse this issue to enumerate usernames. This issue only applied to Ubuntu\n12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-0762)\n\nAlvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly\nlimited use of a certain utility method. A malicious application could\npossibly use this to bypass Security Manager restrictions. This issue only\napplied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-5018)\n\nIt was discovered that Tomcat did not protect applications from untrusted\ndata in the HTTP_PROXY environment variable. A remote attacker could\npossibly use this issue to redirect outbound traffic to an arbitrary proxy\nserver. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\nUbuntu 16.04 LTS. (CVE-2016-5388)\n\nIt was discovered that Tomcat incorrectly controlled reading system\nproperties. A malicious application could possibly use this to bypass\nSecurity Manager restrictions. This issue only applied to Ubuntu 12.04 LTS,\nUbuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6794)\n\nIt was discovered that Tomcat incorrectly controlled certain configuration\nparameters. A malicious application could possibly use this to bypass\nSecurity Manager restrictions. This issue only applied to Ubuntu 12.04 LTS,\nUbuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6796)\n\nIt was discovered that Tomcat incorrectly limited access to global JNDI\nresources. A malicious application could use this to access any global JNDI\nresource without an explicit ResourceLink. This issue only applied to\nUbuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6797)\n\nRegis Leroy discovered that Tomcat incorrectly filtered certain invalid\ncharacters from the HTTP request line. A remote attacker could possibly\nuse this issue to inject data into HTTP responses. (CVE-2016-6816)\n\nPierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did not\nimplement a recommended fix. A remote attacker could possibly use this\nissue to execute arbitrary code. (CVE-2016-8735)\n\nIt was discovered that Tomcat incorrectly handled error handling in the\nsend file code. A remote attacker could possibly use this issue to access\ninformation from other requests. (CVE-2016-8745)\n\nPaul Szabo discovered that the Tomcat package incorrectly handled upgrades\nand removals. A local attacker could possibly use this issue to obtain\nroot privileges. (CVE-2016-9774, CVE-2016-9775)\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56],{"_key":15},"CVE-2016-0762",{"_key":17},"CVE-2016-5018",{"_key":19},"CVE-2016-5388",{"_key":21},"CVE-2016-6794",{"_key":23},"CVE-2016-6796",{"_key":25},"CVE-2016-6797",{"_key":27},"CVE-2016-6816",{"_key":29},"CVE-2016-8735",{"_key":31},"CVE-2016-8745",{"_key":33},"CVE-2016-9774",{"_key":35},"CVE-2016-9775",{"_key":37},"UBUNTU-CVE-2016-0762",{"_key":39},"UBUNTU-CVE-2016-5018",{"_key":41},"UBUNTU-CVE-2016-5388",{"_key":43},"UBUNTU-CVE-2016-6794",{"_key":45},"UBUNTU-CVE-2016-6796",{"_key":47},"UBUNTU-CVE-2016-6797",{"_key":49},"UBUNTU-CVE-2016-6816",{"_key":51},"UBUNTU-CVE-2016-8735",{"_key":53},"UBUNTU-CVE-2016-8745",{"_key":55},"UBUNTU-CVE-2016-9774",{"_key":57},"UBUNTU-CVE-2016-9775",[],[],[61,62,63,64,65,66,67,68,69,70,71],{"_key":37},{"_key":51},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":53},{"_key":55},{"_key":57},"2017-01-23T18:24:10Z","2026-04-27T15:17:28.970889250Z",{"cisa_kev":75,"cisa_ransomware":75,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[77,83,88,92,96,100,104,108,112,116,120,124],{"url":78,"sources":79,"tags":81},"https://ubuntu.com/security/notices/USN-3177-1",[80],"osv_ubuntu",[82],"Advisory",{"url":84,"sources":85,"tags":86},"https://ubuntu.com/security/CVE-2016-0762",[80],[87],"REPORT",{"url":89,"sources":90,"tags":91},"https://ubuntu.com/security/CVE-2016-5018",[80],[87],{"url":93,"sources":94,"tags":95},"https://ubuntu.com/security/CVE-2016-5388",[80],[87],{"url":97,"sources":98,"tags":99},"https://ubuntu.com/security/CVE-2016-6794",[80],[87],{"url":101,"sources":102,"tags":103},"https://ubuntu.com/security/CVE-2016-6796",[80],[87],{"url":105,"sources":106,"tags":107},"https://ubuntu.com/security/CVE-2016-6797",[80],[87],{"url":109,"sources":110,"tags":111},"https://ubuntu.com/security/CVE-2016-6816",[80],[87],{"url":113,"sources":114,"tags":115},"https://ubuntu.com/security/CVE-2016-8735",[80],[87],{"url":117,"sources":118,"tags":119},"https://ubuntu.com/security/CVE-2016-8745",[80],[87],{"url":121,"sources":122,"tags":123},"https://ubuntu.com/security/CVE-2016-9774",[80],[87],{"url":125,"sources":126,"tags":127},"https://ubuntu.com/security/CVE-2016-9775",[80],[87],[],[],[],[132,144],{"ecosystem":133,"name":134,"vendor":135,"product":134,"cpe_part":9,"purl_type":136,"purl_namespace":135,"purl_name":134,"source":9,"versions":137},"Ubuntu","tomcat7","ubuntu","deb",[138],{"version":139,"is_range":140,"range_type":141,"version_start":9,"version_start_type":9,"version_end":142,"version_end_type":143,"fixed_in":9},"lt7_0_52_1ubuntu0_8",true,"ecosystem","7.0.52-1ubuntu0.8","excluding",{"ecosystem":133,"name":145,"vendor":135,"product":145,"cpe_part":9,"purl_type":136,"purl_namespace":135,"purl_name":145,"source":9,"versions":146},"tomcat8",[147],{"version":148,"is_range":140,"range_type":141,"version_start":9,"version_start_type":9,"version_end":149,"version_end_type":143,"fixed_in":9},"lt8_0_32_1ubuntu1_3","8.0.32-1ubuntu1.3"]