CVE-2016-8735
CVSS v3.1: 9.8 (Critical)
CVSS v2.0: 7.5 (High)
EPSS: 73.74 % (98th)
Affected Products: 19
Advisories: 18
NVD Status: Analyzed
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.
- CVE Status
- PUBLISHED
- NVD Status
- Analyzed
- CNA
- Apache Software Foundation
- Published Date
- 2017-04-06 21:59:00 (7 years ago)
- Updated Date
- 2024-06-27 19:23:35 (2 months ago)
Apache Tomcat Remote Code Execution Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
- Description
- Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension (JMX) ports. This CVE exists because this listener wasn't updated for consistency with the Oracle patched issues for CVE-2016-3427 which affected credential types.
- Required Action
- Apply updates per vendor instructions.
- Known to be Used in Ransomware Campaigns
- Unknown
- Notes
- https://tomcat.apache.org/security-9.html; https://nvd.nist.gov/vuln/detail/CVE-2016-8735
- Vendor
- Apache
- Product
- Tomcat
- In CISA Catalog from
- 2023-05-12 (16 months ago)
- Due Date
- 2023-06-02 (15 months ago)
Affected Products
- Agile Engineering Data Management
- Agile Plm
- Communications Application Session Controller
- Communications Instant Messaging Server
- Communications Interactive Session Recorder
- Hospitality Guest Access
- Micros Relate Crm Software
- Micros Retail Xbri Loss Prevention
- Mysql Enterprise Monitor
- Retail Convenience And Fuel Pos Software
- Transportation Management