logo

CVE-2016-8735 - Apache Tomcat Remote Code Execution Vulnerability

CVE-2016-8735

Apache | Tomcat

  • Date Added:
  • 2023-05-12
  • Due Date:
  • 2023-06-02
Vulnerability Name

Apache Tomcat Remote Code Execution Vulnerability

Description

Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension (JMX) ports. This CVE exists because this listener wasn't updated for consistency with the Oracle patched issues for CVE-2016-3427 which affected credential types.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes
https://tomcat.apache.org/security-9.html; https://nvd.nist.gov/vuln/detail/CVE-2016-8735

Free online web security scanner