Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach the JMX ports. The issue exists because this listener was not updated for consistency with the Oracle patch for CVE-2016-3427, which affected credential types.
{
"versions": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.73"
},
{
"introduced": "8.5.0"
},
{
"fixed": "8.5.7"
},
{
"introduced": "0"
},
{
"last_affected": "9.0.0-NA"
},
{
"introduced": "0"
},
{
"last_affected": "9.0.0-milestone1"
},
{
"introduced": "0"
},
{
"last_affected": "9.0.0-milestone10"
},
{
"introduced": "0"
},
{
"last_affected": "9.0.0-milestone11"
},
{
"introduced": "0"
},
{
"last_affected": "9.0.0-milestone2"
},
{
"introduced": "0"
},
{
"last_affected": "9.0.0-milestone3"
},
{
"introduced": "0"
},
{
"last_affected": "9.0.0-milestone4"
},
{
"introduced": "0"
},
{
"last_affected": "9.0.0-milestone5"
},
{
"introduced": "0"
},
{
"last_affected": "9.0.0-milestone6"
},
{
"introduced": "0"
},
{
"last_affected": "9.0.0-milestone7"
},
{
"introduced": "0"
},
{
"last_affected": "9.0.0-milestone8"
},
{
"introduced": "0"
},
{
"last_affected": "9.0.0-milestone9"
},
{
"introduced": "0"
},
{
"last_affected": "10.0.1"
},
{
"introduced": "0"
},
{
"last_affected": "10.0.1"
}
]
}[
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.48"
}
]
},
{
"events": [
{
"introduced": "8.0"
},
{
"fixed": "8.0.39"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.1.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.2.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.2.1.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.3.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.3.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.7.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.2.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.2.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.5.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.6.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.7.7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.8.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.2.8.2223"
}
]
},
{
"events": [
{
"introduced": "3.3.0"
},
{
"last_affected": "3.3.4.3247"
}
]
},
{
"events": [
{
"introduced": "3.4.0"
},
{
"last_affected": "3.4.2.4181"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.1.132"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.3.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.3.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.3.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.3.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.3.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.3.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.3.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.3.7"
}
]
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-8735.json"