ByteOS Network

CVE Vulnerability Details :

CVE-2016-8735

PUBLISHED

Known KEV

More Info Official Page

Assigner-apache

Assigner Org ID-f0158376-9dc2-43b6-827c-5f631a4d8d09

View Known Exploited Vulnerability (KEV) details

Published At-06 Apr, 2017 | 21:00

Updated At-30 Jul, 2025 | 01:46

▼CVE Numbering Authority (CNA)

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.

Affected Products

Vendor

The Apache Software Foundation

Product

Apache Tomcat

Versions

Affected

before 6.0.48
7.x before 7.0.73
8.x before 8.0.39
8.5.x before 8.5.7
9.x before 9.0.0.M12

Problem Types

Type	CWE ID	Description
text	N/A	Remote code execution

References

Hyperlink	Resource
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1767676	x_refsource_CONFIRM
http://tomcat.apache.org/security-9.html	x_refsource_CONFIRM
http://www.securitytracker.com/id/1037331	vdb-entry x_refsource_SECTRACK
http://www.securityfocus.com/bid/94463	vdb-entry x_refsource_BID
http://www.debian.org/security/2016/dsa-3738	vendor-advisory x_refsource_DEBIAN
http://tomcat.apache.org/security-7.html	x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1767644	x_refsource_CONFIRM
http://tomcat.apache.org/security-8.html	x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1767656	x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180607-0001/	x_refsource_CONFIRM
http://tomcat.apache.org/security-6.html	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0457.html	vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:0455	vendor-advisory x_refsource_REDHAT
http://svn.apache.org/viewvc?view=revision&revision=1767684	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:0456	vendor-advisory x_refsource_REDHAT
http://seclists.org/oss-sec/2016/q4/502	x_refsource_CONFIRM
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	x_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	x_refsource_MISC
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST
https://usn.ubuntu.com/4557-1/	vendor-advisory x_refsource_UBUNTU

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	x_refsource_CONFIRM x_transferred
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	x_refsource_CONFIRM x_transferred
http://svn.apache.org/viewvc?view=revision&revision=1767676	x_refsource_CONFIRM x_transferred
http://tomcat.apache.org/security-9.html	x_refsource_CONFIRM x_transferred
http://www.securitytracker.com/id/1037331	vdb-entry x_refsource_SECTRACK x_transferred
http://www.securityfocus.com/bid/94463	vdb-entry x_refsource_BID x_transferred
http://www.debian.org/security/2016/dsa-3738	vendor-advisory x_refsource_DEBIAN x_transferred
http://tomcat.apache.org/security-7.html	x_refsource_CONFIRM x_transferred
http://svn.apache.org/viewvc?view=revision&revision=1767644	x_refsource_CONFIRM x_transferred
http://tomcat.apache.org/security-8.html	x_refsource_CONFIRM x_transferred
http://svn.apache.org/viewvc?view=revision&revision=1767656	x_refsource_CONFIRM x_transferred
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	x_refsource_CONFIRM x_transferred
https://security.netapp.com/advisory/ntap-20180607-0001/	x_refsource_CONFIRM x_transferred
http://tomcat.apache.org/security-6.html	x_refsource_CONFIRM x_transferred
http://rhn.redhat.com/errata/RHSA-2017-0457.html	vendor-advisory x_refsource_REDHAT x_transferred
https://access.redhat.com/errata/RHSA-2017:0455	vendor-advisory x_refsource_REDHAT x_transferred
http://svn.apache.org/viewvc?view=revision&revision=1767684	x_refsource_CONFIRM x_transferred
https://access.redhat.com/errata/RHSA-2017:0456	vendor-advisory x_refsource_REDHAT x_transferred
http://seclists.org/oss-sec/2016/q4/502	x_refsource_CONFIRM x_transferred
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	x_refsource_MISC x_transferred
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	x_refsource_MISC x_transferred
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://usn.ubuntu.com/4557-1/	vendor-advisory x_refsource_UBUNTU x_transferred

2. CISA ADP Vulnrichment

Problem Types

Type	CWE ID	Description
CWE	CWE-noinfo	CWE-noinfo Not enough information

Metrics

Version	Base score	Base severity	Vector
3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Metrics Other Info

kev

dateAdded:

2023-05-12

reference:

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-8735

Timeline

Event	Date
CVE-2016-8735 added to CISA KEV	2023-05-12 00:00:00

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References