CVE-2016-8735

Confirmed PUBLISHED

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before...

Apache Software Foundation · Apache Tomcat
Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
9.8 Critical

At a Glance

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.

nuclei_scanner apache cisa
CVE Published
Apr 06, 2017
Exploitation Reported
May 12, 2023
CVSS
9.8 Critical
EPSS
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
Apache Software Foundation
Apache Tomcat

before 6.0.48

Affected
Apache Software Foundation
Apache Tomcat

7.x before 7.0.73

Affected
Apache Software Foundation
Apache Tomcat

8.x before 8.0.39

Affected
Apache Software Foundation
Apache Tomcat

8.5.x before 8.5.7

Affected
Apache Software Foundation
Apache Tomcat

9.x before 9.0.0.M12

Affected

CVE References

  • DSA-3738 debian.org · Vendor Advisory http://www.debian.org/security/2016/dsa-3738
  • RHSA-2017:0457 rhn.redhat.com · Vendor Advisory http://rhn.redhat.com/errata/RHSA-2017-0457.html
  • RHSA-2017:0455 access.redhat.com · Vendor Advisory https://access.redhat.com/errata/RHSA-2017:0455
  • RHSA-2017:0456 access.redhat.com · Vendor Advisory https://access.redhat.com/errata/RHSA-2017:0456
  • USN-4557-1 usn.ubuntu.com · Vendor Advisory https://usn.ubuntu.com/4557-1/
Show 31 more references

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.