CVE-2016-8735
CRITICAL 9.8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH 7.5
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial
Description
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.
EPSS (Exploit Prediction Scoring System)
Predicts the probability of exploitation based on threat intelligence and the characteristics of the vulnerability.
EPSS Score: 0.9397
Percentile: 1.0th
EPSS Score Trend (Last 91 Days)
Affected Products (CPE Identifier)
Application: Tomcat by Apache | cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*
Application: Hospitality Guest Access by Oracle | cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
Application: Agile Engineering Data Management by Oracle | cpe:2.3:a:oracle:agile_engineering_data_management:6.2.0:*:*:*:*:*:*:*
Application: Transportation Management by Oracle | cpe:2.3:a:oracle:transportation_management:6.3.0:*:*:*:*:*:*:*
Application: Tomcat by Apache | versions from 7.0.0 (inclusive) to 7.0.73 (exclusive) | cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
Application: Oncommand Shift by Netapp | cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*
Application: Transportation Management by Oracle | cpe:2.3:a:oracle:transportation_management:6.3.5:*:*:*:*:*:*:*
Application: Tomcat by Apache | cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*
Application: Transportation Management by Oracle | cpe:2.3:a:oracle:transportation_management:6.3.4:*:*:*:*:*:*:*
Application: Tomcat by Apache | cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*
Application: Tomcat by Apache | cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*
Application: Agile Engineering Data Management by Oracle | cpe:2.3:a:oracle:agile_engineering_data_management:6.1.3:*:*:*:*:*:*:*
Application: Communications Instant Messaging Server by Oracle | cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1:*:*:*:*:*:*:*
Application: Tomcat by Apache | cpe:2.3:a:apache:tomcat:9.0.0:-:*:*:*:*:*:*
Application: Micros Retail Xbri Loss Prevention by Oracle | cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.6.0:*:*:*:*:*:*:*
Application: Micros Retail Xbri Loss Prevention by Oracle | cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.0.1:*:*:*:*:*:*:*
Operating System: Ubuntu Linux by Canonical | cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Application: 7-Mode Transition Tool by Netapp | cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*
Application: Agile Engineering Data Management by Oracle | cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*
Application: Transportation Management by Oracle | cpe:2.3:a:oracle:transportation_management:6.3.3:*:*:*:*:*:*:*
Application: Tomcat by Apache | cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*
Application: Tomcat by Apache | cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*
Application: Jboss Enterprise Web Server by Redhat | cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*
Application: Micros Retail Xbri Loss Prevention by Oracle | cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.5.0:*:*:*:*:*:*:*
Application: Tomcat by Apache | cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*
Application: Snap Creator Framework by Netapp | cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
Application: Tomcat by Apache | cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*
Application: Transportation Management by Oracle | cpe:2.3:a:oracle:transportation_management:6.3.7:*:*:*:*:*:*:*
Application: Transportation Management by Oracle | cpe:2.3:a:oracle:transportation_management:6.3.2:*:*:*:*:*:*:*
Application: Communications Interactive Session Recorder by Oracle | cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*
Application: Tomcat by Apache | versions up to 6.0.48 (exclusive) | cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
Application: Micros Relate Crm Software by Oracle | cpe:2.3:a:oracle:micros_relate_crm_software:10.8:*:*:*:*:*:*:*
Application: Mysql Enterprise Monitor by Oracle | versions from 3.4.0 (inclusive) to 3.4.2.4181 (inclusive) | cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
Application: Communications Interactive Session Recorder by Oracle | cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*
Application: Transportation Management by Oracle | cpe:2.3:a:oracle:transportation_management:6.3.6:*:*:*:*:*:*:*
Application: Tomcat by Apache | cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*
Operating System: Debian Linux by Debian | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Application: Micros Retail Xbri Loss Prevention by Oracle | cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.1:*:*:*:*:*:*:*
Application: Communications Interactive Session Recorder by Oracle | cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*
Application: Agile Plm by Oracle | cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
Application: Mysql Enterprise Monitor by Oracle | versions from 3.3.0 (inclusive) to 3.3.4.3247 (inclusive) | cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
Application: Mysql Enterprise Monitor by Oracle | versions up to 3.2.8.2223 (inclusive) | cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
Application: Communications Application Session Controller by Oracle | cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:*
Application: Micros Retail Xbri Loss Prevention by Oracle | cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.7.7:*:*:*:*:*:*:*
Application: Tomcat by Apache | cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*
Application: Retail Convenience And Fuel Pos Software by Oracle | cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.1.132:*:*:*:*:*:*:*
Application: Hospitality Guest Access by Oracle | cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
Application: Transportation Management by Oracle | cpe:2.3:a:oracle:transportation_management:6.3.1:*:*:*:*:*:*:*
Application: Agile Plm by Oracle | cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*
Application: Tomcat by Apache | cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*
Application: Micros Relate Crm Software by Oracle | cpe:2.3:a:oracle:micros_relate_crm_software:11.4:*:*:*:*:*:*:*
Application: Tomcat by Apache | versions from 8.5.0 (inclusive) to 8.5.7 (exclusive) | cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
Application: Oncommand Insight by Netapp | cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
Application: Communications Application Session Controller by Oracle | cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:*:*:*:*:*:*:*
Application: Micros Retail Xbri Loss Prevention by Oracle | cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.0:*:*:*:*:*:*:*
Application: Tomcat by Apache | versions from 8.0 (inclusive) to 8.0.39 (exclusive) | cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016…
http://rhn.redhat.com/errata/RHSA-2017-0457.html
https://access.redhat.com/errata/RHSA-2017:0455
https://access.redhat.com/errata/RHSA-2017:0456
http://seclists.org/oss-sec/2016/q4/502
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e…
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbe…
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3…
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc…
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f…
https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d…
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d8…
https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa7…
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429…
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be…
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d8…
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe…
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc…
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855…
https://security.netapp.com/advisory/ntap-20180607-0001/
https://usn.ubuntu.com/4557-1/
http://svn.apache.org/viewvc?view=revision&revision=1767644
http://svn.apache.org/viewvc?view=revision&revision=1767656
http://svn.apache.org/viewvc?view=revision&revision=1767676
http://svn.apache.org/viewvc?view=revision&revision=1767684
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-8.html
http://tomcat.apache.org/security-9.html
http://www.debian.org/security/2016/dsa-3738
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.securityfocus.com/bid/94463
http://www.securitytracker.com/id/1037331