Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn’t updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types. (CVE-2016-8735)
Impact
An attacker can execute arbitrary code via the Apache Tomcat JmxRemoteLifecycleListener component.

CPENameOperatorVersion
big-ip afmeq11.4.0
big-ip afmeq11.4.1
big-ip afmeq11.5.0
big-ip afmeq11.5.1
big-ip afmeq11.5.2
big-ip afmeq11.5.3
big-ip afmeq11.5.4
big-ip afmeq11.6.0
big-ip afmeq11.6.1
big-ip afmeq12.0.0

Name	Operator	Version
big-ip afm	eq	11.4.0
big-ip afm	eq	11.4.1
big-ip afm	eq	11.5.0
big-ip afm	eq	11.5.1
big-ip afm	eq	11.5.2
big-ip afm	eq	11.5.3
big-ip afm	eq	11.5.4
big-ip afm	eq	11.6.0
big-ip afm	eq	11.6.1
big-ip afm	eq	12.0.0

Rows per page:

1-10 of 1731

cisa_kev 2

osv 2

seebug 1

ubuntucve 2

cve 2

prion 2

openvas 29

github 1

debiancve 2

attackerkb 2

cvelist 2

nvd 2

redhatcve 1

tomcat 5

nessus 45

archlinux 1

mageia 1

pentestit 1

kitploit 2

f5 3

checkpoint_advisories 1

ibm 57

myhack58 1

veracode 2

freebsd 1

amazon 5

vmware 2

fedora 3

debian 4

redhat 6

oraclelinux 3

centos 2

suse 2

ubuntu 2

cisa_kev

Apache Tomcat Remote Code Execution Vulnerability

2023-05-12 00:00:00

Oracle Java SE and JRockit Unspecified Vulnerability

2023-05-12 00:00:00

osv

Apache Tomcat Improper Access Control vulnerability

2022-05-13 01:14:52

CVE-2016-8735

2017-04-06 21:59:00

seebug

Apache Tomcat Remote Code Execution（CVE-2016-8735）

2016-11-25 00:00:00

ubuntucve

CVE-2016-8735

2016-11-24 00:00:00

CVE-2016-3427

2016-04-21 00:00:00

cve

CVE-2016-8735

2017-04-06 21:59:00

CVE-2016-3427

2016-04-21 11:00:21

prion

Remote code execution

2017-04-06 21:59:00

Buffer overflow

2016-04-21 11:00:00

openvas

Apache Tomcat RCE Vulnerability (Nov 2016)

2017-06-28 00:00:00

Mageia: Security Advisory (MGASA-2016-0417)

2022-01-28 00:00:00

Oracle Database Server 'WLM' And 'Spatial' Components Multiple Unspecified Vulnerabilities

2017-10-18 00:00:00

github

Apache Tomcat Improper Access Control vulnerability

2022-05-13 01:14:52

debiancve

CVE-2016-8735

2017-04-06 21:59:00

CVE-2016-3427

2016-04-21 11:00:21

attackerkb

CVE-2016-8735

2017-04-06 00:00:00

CVE-2016-3427

2016-04-21 00:00:00

cvelist

CVE-2016-8735

2017-04-06 21:00:00

CVE-2016-3427

2016-04-21 10:00:00

nvd

CVE-2016-8735

2017-04-06 21:59:00

CVE-2016-3427

2016-04-21 11:00:21

redhatcve

CVE-2016-8735

2021-01-03 18:49:05

tomcat

Fixed in Apache Tomcat 7.0.73

2016-11-14 00:00:00

Fixed in Apache Tomcat 8.0.39

2016-11-14 00:00:00

Fixed in Apache Tomcat 6.0.48

2016-11-15 00:00:00

nessus

Apache Tomcat 7.0.0 < 7.0.73 multiple vulnerabilities

2024-05-23 00:00:00

Apache Tomcat 8.0.0.RC1 < 8.0.39 multiple vulnerabilities

2024-05-23 00:00:00

Apache Tomcat 8.5.0 < 8.5.8 multiple vulnerabilities

2016-12-01 00:00:00

archlinux

[ASA-201611-22] tomcat6: multiple issues

2016-11-23 00:00:00

mageia

Updated tomcat package fixes security vulnerabilities

2016-12-12 01:44:05

pentestit

JexBoss: Java Deserialization Verification & EXploitation Tool!

2017-08-11 06:52:45

kitploit

JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool

2017-12-18 21:12:00

Beanshooter - JMX Enumeration And Attacking Tool

2021-07-22 12:30:00

SOL49820145 - Apache Tomcat vulnerability CVE-2016-8735

2016-12-01 00:00:00

SOL73112451 - Oracle Java SE vulnerability CVE-2016-3427

2016-05-27 00:00:00

K73112451 : Oracle Java SE vulnerability CVE-2016-3427

2016-05-28 00:00:00

checkpoint_advisories

Apache Tomcat Remote Code Execution (CVE-2016-8735)

2020-03-27 00:00:00

ibm

Security Bulletin: A vulnerability in IBM Java SDK affects Rational Insight (CVE-2016-3427)

2018-06-17 05:13:33

Security Bulletin: An unspecified JMX component vulnerability affects IBM SPSS Analytic Server (CVE-2016-3427)

2018-06-16 13:40:55

Security Bulletin: A security vulnerability has been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2016-3427)

2018-06-17 05:13:33

myhack58

Apache Tomcat multiple versions of a remote code execution CVE-2016-8735(POC)-vulnerability warning-the black bar safety net

2016-12-03 00:00:00

veracode

Arbitrary Code Execution

2019-05-02 05:28:55

Remote Code Execution (RCE)

2017-04-04 03:02:03

freebsd

tomcat -- multiple vulnerabilities

2016-11-22 00:00:00

amazon

Important: tomcat6

2016-12-15 00:41:00

Important: tomcat8

2016-12-15 00:50:00

Important: tomcat7

2016-12-15 00:48:00

vmware

VMware product updates address critical and important security issues

2016-05-17 00:00:00

VMware product updates address critical and important security issues.

2016-05-17 00:00:00

fedora

[SECURITY] Fedora 25 Update: tomcat-8.0.39-1.fc25

2016-12-14 21:31:31

[SECURITY] Fedora 23 Update: tomcat-8.0.39-1.fc23

2016-12-15 01:21:03

[SECURITY] Fedora 24 Update: tomcat-8.0.39-1.fc24

2016-12-14 22:57:34

debian

[SECURITY] [DSA 3738-1] tomcat7 security update

2016-12-18 09:12:10

[SECURITY] [DSA 3739-1] tomcat8 security update

2016-12-18 09:12:31

[SECURITY] [DSA 3739-1] tomcat8 security update

2016-12-18 09:12:31

redhat

(RHSA-2017:0455) Important: Red Hat JBoss Web Server 3.1.0 security and enhancement update

2015-11-12 18:40:07

(RHSA-2017:0457) Important: Red Hat JBoss Web Server security and enhancement update

2017-03-07 18:57:09

(RHSA-2017:0456) Important: Red Hat JBoss Web Server 3.1.0 security and enhancement update

2015-11-12 19:12:07

oraclelinux

java-1.7.0-openjdk security update

2016-04-21 00:00:00

java-1.6.0-openjdk security update

2016-05-09 00:00:00

java-1.7.0-openjdk security update

2016-04-21 00:00:00

centos

java security update

2016-04-21 14:18:59

java security update

2016-04-21 15:42:31

suse

Security update for java-1_7_0-openjdk (important)

2016-05-07 15:09:13

Security update for java-1_7_0-openjdk (important)

2016-05-06 13:14:05

ubuntu

OpenJDK 6 vulnerabilities

2016-05-10 00:00:00

OpenJDK 7 vulnerabilities

2016-05-05 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

9.1 High

AI Score

Confidence

High

0.251 Low

EPSS

Percentile

96.7%

JSON

Related for F5:K49820145