Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-8735

Опубликовано: 06 апр. 2017
Источник: debian
EPSS Критический

Описание

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
tomcat9not-affectedpackage
tomcat8fixed8.0.39-1package
tomcat7fixed7.0.72-3package
tomcat6fixed6.0.41-3package

Примечания

  • Since 7.0.72-3, src:tomcat7 only builds the Servlet API

  • Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie

  • Fixed by: http://svn.apache.org/r1767656 (8.0.x)

  • Fixed by: http://svn.apache.org/r1767676 (7.0.x)

  • Fixed by: http://svn.apache.org/r1767684 (6.0.x)

EPSS

Процентиль: 100%
0.94052
Критический

Связанные уязвимости

ubuntu логотип

CVE-2016-8735

CVSS3: 9.8
ubuntu
около 8 лет назад

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.

redhat логотип

CVE-2016-8735

CVSS3: 8.1
redhat
больше 8 лет назад

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.

nvd логотип

CVE-2016-8735

CVSS3: 9.8
nvd
около 8 лет назад

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.

github логотип

GHSA-cw54-59pw-4g8c

CVSS3: 9.8
github
около 3 лет назад

Apache Tomcat Improper Access Control vulnerability

fstec логотип

BDU:2017-01545

fstec
около 8 лет назад

Уязвимость сервера приложений Apache Tomcat, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 100%
0.94052
Критический