CVE-2016-8735
- CVSS Base Score 9.8
- EPSS 93.9%
- Published 06.04.2017 21:59:00
- Last modified 20.04.2025 01:37:25
- Source security@apache.org
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.
Data provided by the National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux Version 16.04 SwEdition esm
Netapp ≫ 7-mode Transition Tool Version -
Netapp ≫ Oncommand Insight Version -
Netapp ≫ Oncommand Shift Version -
Netapp ≫ Snap Creator Framework Version -
Debian ≫ Debian Linux Version 8.0
Redhat ≫ Jboss Enterprise Web Server Version 3.0.0
Oracle ≫ Agile Engineering Data Management Version 6.1.3
Oracle ≫ Agile Engineering Data Management Version 6.2.0
Oracle ≫ Agile Engineering Data Management Version 6.2.1.0
Oracle ≫ Communications Application Session Controller Version 3.7.1
Oracle ≫ Communications Application Session Controller Version 3.8.0
Oracle ≫ Communications Instant Messaging Server Version 10.0.1
Oracle ≫ Communications Interactive Session Recorder Version 6.0
Oracle ≫ Communications Interactive Session Recorder Version 6.1
Oracle ≫ Communications Interactive Session Recorder Version 6.2
Oracle ≫ Hospitality Guest Access Version 4.2.0
Oracle ≫ Hospitality Guest Access Version 4.2.1
Oracle ≫ Micros Relate Crm Software Version 10.8
Oracle ≫ Micros Relate Crm Software Version 11.4
Oracle ≫ Micros Retail Xbri Loss Prevention Version 10.0.1
Oracle ≫ Micros Retail Xbri Loss Prevention Version 10.5.0
Oracle ≫ Micros Retail Xbri Loss Prevention Version 10.6.0
Oracle ≫ Micros Retail Xbri Loss Prevention Version 10.7.7
Oracle ≫ Micros Retail Xbri Loss Prevention Version 10.8.0
Oracle ≫ Micros Retail Xbri Loss Prevention Version 10.8.1
Oracle ≫ Mysql Enterprise Monitor Version <= 3.2.8.2223
Oracle ≫ Mysql Enterprise Monitor Version >= 3.3.0 <= 3.3.4.3247
Oracle ≫ Mysql Enterprise Monitor Version >= 3.4.0 <= 3.4.2.4181
Oracle ≫ Retail Convenience And Fuel Pos Software Version 2.1.132
Oracle ≫ Transportation Management Version 6.3.0
Oracle ≫ Transportation Management Version 6.3.1
Oracle ≫ Transportation Management Version 6.3.2
Oracle ≫ Transportation Management Version 6.3.3
Oracle ≫ Transportation Management Version 6.3.4
Oracle ≫ Transportation Management Version 6.3.5
Oracle ≫ Transportation Management Version 6.3.6
Oracle ≫ Transportation Management Version 6.3.7
12.05.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog
Vulnerability: Apache Tomcat Remote Code Execution Vulnerability
Description: Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension (JMX) ports. This CVE exists because this listener wasn't updated for consistency with the Oracle patched issues for CVE-2016-3427 which affected credential types.
Required action: Apply updates per vendor instructions.

Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 93.9% | 0.999 |

Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |