CVE-2016-8735
Apache Tomcat Remote Code Execution Vulnerability
CVSS
—
Sin CVSS
EPSS
90.3%
p100
KEV
SÍ
12 may 2023
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
Apache / Tomcat
Vulnerabilidad
Apache Tomcat Remote Code Execution Vulnerability
Añadido a KEV
12 may 2023
Remediar antes de
2 jun 2023
Uso conocido en ransomware
No
Descripción resumida
Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension (JMX) ports. This CVE exists because this listener wasn't updated for consistency with the Oracle patched issues for CVE-2016-3427 which affected credential types.
Acción requerida
Apply updates per vendor instructions.
Notas
https://tomcat.apache.org/security-9.html; https://nvd.nist.gov/vuln/detail/CVE-2016-8735