Home

CVE-2016-8735

Description

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasnt updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
93.668

Associated Vulnerability

VulnerabilityOS Platform
Update Tomcat to 9.5.14Windows
Update Tomcat to 9.5.5Windows
Update Tomcat to 9.5.7Windows
Update Tomcat to 9.5.8Windows
Update Tomcat to 9.6.10Windows
Update Tomcat to 9.6.3Windows
Update Tomcat to 9.6.4Windows
Update Tomcat to 9.6.7Windows
Update Tomcat to 9.6.8Windows
Update Tomcat to 2.4.5Windows
Update Tomcat to 3.0.14Windows
Vulnerabilities CVE-2016-8735 are fixed in Apache-tomcat-catalina-jmx-remote 6.0.48Windows
Vulnerabilities CVE-2016-8735 are fixed in Apache-tomcat-catalina-jmx-remote 7.0.73Windows
Vulnerabilities CVE-2016-8735 are fixed in Apache-tomcat-catalina-jmx-remote 8.0.39Windows
Vulnerabilities CVE-2016-8735 are fixed in Apache-tomcat-catalina-jmx-remote 8.5.7Windows
Vulnerabilities CVE-2016-8735 are fixed in Apache-tomcat-catalina-jmx-remote 9.0.0Windows
Vulnerabilities CVE-2016-8735 are fixed in Apache-tomcat-catalina 6.0.48Windows
Vulnerabilities CVE-2016-8735 are fixed in Apache-tomcat-catalina 7.0.73Windows
Vulnerabilities CVE-2016-8735 are fixed in Apache-tomcat-catalina 8.0.39Windows
Vulnerabilities CVE-2016-8735 are fixed in Apache-tomcat-catalina 8.5.7Windows
Vulnerabilities CVE-2016-8735 are fixed in Apache-tomcat-catalina 9.0.0Windows
Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 6.0Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 5.2.6.5Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.4Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.0.6Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.0.2Windows
tomcat7 security update(DSA-3738-1) tomcat7_7.0.56-3+deb8u6_all.debLinux
tomcat8 security update(DSA-3739-1) tomcat8_8.0.14-1+deb8u5_all.debLinux
Update Tomcat to 9.5.14 (For Linux)Linux
Update Tomcat to 9.5.5 (For Linux)Linux
Update Tomcat to 9.5.7 (For Linux)Linux
Update Tomcat to 9.5.8 (For Linux)Linux
Update Tomcat to 9.6.10 (For Linux)Linux
Update Tomcat to 9.6.3 (For Linux)Linux
Update Tomcat to 9.6.4 (For Linux)Linux
Update Tomcat to 9.6.7 (For Linux)Linux
Update Tomcat to 9.6.8 (For Linux)Linux
Update Tomcat to 2.4.5 (For Linux)Linux
Update Tomcat to 3.0.14 (For Linux)Linux
Servlet and JSP engine (USN-4557-1) libservlet2.5-java_6.0.45+dfsg-1ubuntu0.1_all.debLinux
Vulnerabilities CVE-2016-8735 are fixed in Apache-tomcat-catalina-jmx-remote for Linux 6.0.48Linux
Vulnerabilities CVE-2016-8735 are fixed in Apache-tomcat-catalina-jmx-remote for Linux 7.0.73Linux
Vulnerabilities CVE-2016-8735 are fixed in Apache-tomcat-catalina-jmx-remote for Linux 8.0.39Linux
Vulnerabilities CVE-2016-8735 are fixed in Apache-tomcat-catalina-jmx-remote for Linux 8.5.7Linux
Vulnerabilities CVE-2016-8735 are fixed in Apache-tomcat-catalina-jmx-remote for Linux 9.0.0Linux
Vulnerabilities CVE-2016-8735 are fixed in Apache-tomcat-catalina for Linux 6.0.48Linux
Vulnerabilities CVE-2016-8735 are fixed in Apache-tomcat-catalina for Linux 7.0.73Linux
Vulnerabilities CVE-2016-8735 are fixed in Apache-tomcat-catalina for Linux 8.0.39Linux
Vulnerabilities CVE-2016-8735 are fixed in Apache-tomcat-catalina for Linux 8.5.7Linux
Vulnerabilities CVE-2016-8735 are fixed in Apache-tomcat-catalina for Linux 9.0.0Linux
CVE-2016-8735NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234