CVE-2016-8735

Published: 06 Apr 2017
Source: ubuntu
Priority: high
EPSS: Critical
CVSS2: 7.5
CVSS3: 9.8

Description

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.

| Release | Status | Note |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-apps/xenial | released | 6.0.45+dfsg-1ubuntu0.1 |
| esm-infra-legacy/trusty | released | 6.0.39-1ubuntu0.1+esm2 |
| esm-infra/focal | DNE | |
| focal | DNE | |

| Release | Status | Note |
|---|---|---|
| artful | not-affected | 7.0.73-1 |
| bionic | not-affected | 7.0.73-1 |
| cosmic | not-affected | 7.0.73-1 |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-apps/bionic | not-affected | 7.0.73-1 |
| esm-apps/xenial | released | 7.0.68-1ubuntu0.3 |
| esm-infra-legacy/trusty | not-affected | 7.0.52-1ubuntu0.8 |
| esm-infra/focal | DNE | |

| Release | Status | Note |
|---|---|---|
| artful | released | 8.0.38-2ubuntu1 |
| bionic | released | 8.0.38-2ubuntu1 |
| cosmic | released | 8.0.38-2ubuntu1 |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-apps/bionic | released | 8.0.38-2ubuntu1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| esm-infra/xenial | not-affected | 8.0.32-1ubuntu1.3 |

EPSS: 0.94052 (Critical), percentile: 100%

CVSS2: 7.5 High

CVSS3: 9.8 Critical

Related vulnerabilities

CVSS3: 8.1
redhat
more than 8 years ago

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.

CVSS3: 9.8
nvd
about 8 years ago

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.

CVSS3: 9.8
debian
about 8 years ago

Remote code execution is possible with Apache Tomcat before 6.0.48, 7. ...

CVSS3: 9.8
github
about 3 years ago

Apache Tomcat Improper Access Control vulnerability

fstec
about 8 years ago

Vulnerability in the Apache Tomcat application server that allows an attacker to execute arbitrary code
