CVE-2016-8735
Apache Tomcat Remote Code Execution Vulnerability
CVSS
—
No CVSS
EPSS
90.3%
p100
KEV
YES
May 12, 2023
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Apache / Tomcat
Vulnerability
Apache Tomcat Remote Code Execution Vulnerability
Added to KEV
May 12, 2023
Remediate by
Jun 2, 2023
Known ransomware use
No
Summary description
Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension (JMX) ports. This CVE exists because this listener wasn't updated for consistency with the Oracle patched issues for CVE-2016-3427 which affected credential types.
Required action
Apply updates per vendor instructions.
Notes
https://tomcat.apache.org/security-9.html; https://nvd.nist.gov/vuln/detail/CVE-2016-8735