NVD Vulnerability Detail

CVE-2016-8735

Summary	Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.
Summary	La ejecución remota de código es posible con Apache Tomcat en versiones anteriores a 6.0.48, 7.x en versiones anteriores a 7.0.73, 8.x en versiones anteriores a 8.0.39, 8.5.x en versiones anteriores a 8.5.7 y 9.x en versiones anteriores a 9.0.0.M12 si JmxRemoteLifecycleListener es utilizado y un atacante puede llegar a los puertos JMX. El problema existe porque este oyente no se actualizó por coherencia con el parche de Oracle CVE-2016-3427 que afectó a los tipos de credenciales.
Publication Date	April 7, 2017, 6:59 a.m.
Registration Date	Jan. 26, 2021, 2:19 p.m.
Last Update	April 22, 2026, 2:03 a.m.

CVSS3.1 : CRITICAL
スコア	9.8
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高

CVSS2.0 : HIGH
Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat::::::::				6.0.48
cpe:2.3:a:apache:tomcat::::::::	7.0.0			7.0.73
cpe:2.3:a:apache:tomcat::::::::	8.0			8.0.39
cpe:2.3:a:apache:tomcat::::::::	8.5.0			8.5.7
cpe:2.3:a:apache:tomcat:9.0.0:-::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone1::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone10::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone11::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone2::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone3::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone4::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone5::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone6::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone7::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone8::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone9::::::
cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
cpe:2.3:a:netapp:7-mode_transition_tool:-:::::::*
cpe:2.3:a:netapp:oncommand_insight:-:::::::*
cpe:2.3:a:netapp:oncommand_shift:-:::::::*
cpe:2.3:a:netapp:snap_creator_framework:-:::::::*
cpe:2.3:o:debian:debian_linux:8.0:::::::*
cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:::::::*
cpe:2.3:a:oracle:agile_engineering_data_management:6.1.3:::::::*
cpe:2.3:a:oracle:agile_engineering_data_management:6.2.0:::::::*
cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:::::::*
cpe:2.3:a:oracle:agile_plm:9.3.5:::::::*
cpe:2.3:a:oracle:agile_plm:9.3.6:::::::*
cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:::::::*
cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:::::::*
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1:::::::*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:::::::*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:::::::*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:::::::*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:::::::*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:::::::*
cpe:2.3:a:oracle:micros_relate_crm_software:10.8:::::::*
cpe:2.3:a:oracle:micros_relate_crm_software:11.4:::::::*
cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.0.1:::::::*
cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.5.0:::::::*
cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.6.0:::::::*
cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.7.7:::::::*
cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.0:::::::*
cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.1:::::::*
cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::		3.2.8.2223
cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::	3.3.0	3.3.4.3247
cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::	3.4.0	3.4.2.4181
cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.1.132:::::::*
cpe:2.3:a:oracle:transportation_management:6.3.0:::::::*
cpe:2.3:a:oracle:transportation_management:6.3.1:::::::*
cpe:2.3:a:oracle:transportation_management:6.3.2:::::::*
cpe:2.3:a:oracle:transportation_management:6.3.3:::::::*
cpe:2.3:a:oracle:transportation_management:6.3.4:::::::*
cpe:2.3:a:oracle:transportation_management:6.3.5:::::::*
cpe:2.3:a:oracle:transportation_management:6.3.6:::::::*
cpe:2.3:a:oracle:transportation_management:6.3.7:::::::*

Related information, measures and tools

No	URL	refsource
1	http://rhn.redhat.com/errata/RHSA-2017-0457.html	security@apache.org
2	http://seclists.org/oss-sec/2016/q4/502	security@apache.org
3	http://svn.apache.org/viewvc?view=revision&revision=1767644	security@apache.org
4	http://svn.apache.org/viewvc?view=revision&revision=1767656	security@apache.org
5	http://svn.apache.org/viewvc?view=revision&revision=1767676	security@apache.org
6	http://svn.apache.org/viewvc?view=revision&revision=1767684	security@apache.org
7	http://tomcat.apache.org/security-6.html	security@apache.org
8	http://tomcat.apache.org/security-7.html	security@apache.org
9	http://tomcat.apache.org/security-8.html	security@apache.org
10	http://tomcat.apache.org/security-9.html	security@apache.org
11	http://www.debian.org/security/2016/dsa-3738	security@apache.org
12	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	security@apache.org
13	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	security@apache.org
14	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	security@apache.org
15	http://www.securityfocus.com/bid/94463	security@apache.org
16	http://www.securitytracker.com/id/1037331	security@apache.org
17	https://access.redhat.com/errata/RHSA-2017:0455	security@apache.org
18	https://access.redhat.com/errata/RHSA-2017:0456	security@apache.org
19	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E	security@apache.org
20	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E	security@apache.org
21	https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E	security@apache.org
22	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E	security@apache.org
23	https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E	security@apache.org
24	https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E	security@apache.org
25	https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E	security@apache.org
26	https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E	security@apache.org
27	https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E	security@apache.org
28	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E	security@apache.org
29	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E	security@apache.org
30	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E	security@apache.org
31	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E	security@apache.org
32	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	security@apache.org
33	https://security.netapp.com/advisory/ntap-20180607-0001/	security@apache.org
34	https://usn.ubuntu.com/4557-1/	security@apache.org
35	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	security@apache.org
36	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	security@apache.org
37	http://rhn.redhat.com/errata/RHSA-2017-0457.html	af854a3a-2127-422b-91ae-364da2661108
38	http://seclists.org/oss-sec/2016/q4/502	af854a3a-2127-422b-91ae-364da2661108
39	http://svn.apache.org/viewvc?view=revision&revision=1767644	af854a3a-2127-422b-91ae-364da2661108
40	http://svn.apache.org/viewvc?view=revision&revision=1767656	af854a3a-2127-422b-91ae-364da2661108
41	http://svn.apache.org/viewvc?view=revision&revision=1767676	af854a3a-2127-422b-91ae-364da2661108
42	http://svn.apache.org/viewvc?view=revision&revision=1767684	af854a3a-2127-422b-91ae-364da2661108
43	http://tomcat.apache.org/security-6.html	af854a3a-2127-422b-91ae-364da2661108
44	http://tomcat.apache.org/security-7.html	af854a3a-2127-422b-91ae-364da2661108
45	http://tomcat.apache.org/security-8.html	af854a3a-2127-422b-91ae-364da2661108
46	http://tomcat.apache.org/security-9.html	af854a3a-2127-422b-91ae-364da2661108
47	http://www.debian.org/security/2016/dsa-3738	af854a3a-2127-422b-91ae-364da2661108
48	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	af854a3a-2127-422b-91ae-364da2661108
49	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	af854a3a-2127-422b-91ae-364da2661108
50	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	af854a3a-2127-422b-91ae-364da2661108
51	http://www.securityfocus.com/bid/94463	af854a3a-2127-422b-91ae-364da2661108
52	http://www.securitytracker.com/id/1037331	af854a3a-2127-422b-91ae-364da2661108
53	https://access.redhat.com/errata/RHSA-2017:0455	af854a3a-2127-422b-91ae-364da2661108
54	https://access.redhat.com/errata/RHSA-2017:0456	af854a3a-2127-422b-91ae-364da2661108
55	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
56	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
57	https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
58	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
59	https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
60	https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
61	https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
62	https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
63	https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
64	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
65	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
66	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
67	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
68	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
69	https://security.netapp.com/advisory/ntap-20180607-0001/	af854a3a-2127-422b-91ae-364da2661108
70	https://usn.ubuntu.com/4557-1/	af854a3a-2127-422b-91ae-364da2661108
71	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	af854a3a-2127-422b-91ae-364da2661108
72	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	af854a3a-2127-422b-91ae-364da2661108
73	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-8735	134c704f-9b21-4f2e-91b3-4a467353bcc0

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat::::::::				6.0.48
cpe:2.3:a:apache:tomcat::::::::	7.0.0			7.0.73
cpe:2.3:a:apache:tomcat::::::::	8.0			8.0.39
cpe:2.3:a:apache:tomcat::::::::	8.5.0			8.5.7
cpe:2.3:a:apache:tomcat:9.0.0:-::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone1::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone10::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone11::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone2::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone3::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone4::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone5::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone6::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone7::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone8::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone9::::::
cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
cpe:2.3:a:netapp:7-mode_transition_tool:-:::::::*
cpe:2.3:a:netapp:oncommand_insight:-:::::::*
cpe:2.3:a:netapp:oncommand_shift:-:::::::*
cpe:2.3:a:netapp:snap_creator_framework:-:::::::*
cpe:2.3:o:debian:debian_linux:8.0:::::::*
cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:::::::*
cpe:2.3:a:oracle:agile_engineering_data_management:6.1.3:::::::*
cpe:2.3:a:oracle:agile_engineering_data_management:6.2.0:::::::*
cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:::::::*
cpe:2.3:a:oracle:agile_plm:9.3.5:::::::*
cpe:2.3:a:oracle:agile_plm:9.3.6:::::::*
cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:::::::*
cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:::::::*
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1:::::::*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:::::::*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:::::::*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:::::::*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:::::::*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:::::::*
cpe:2.3:a:oracle:micros_relate_crm_software:10.8:::::::*
cpe:2.3:a:oracle:micros_relate_crm_software:11.4:::::::*
cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.0.1:::::::*
cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.5.0:::::::*
cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.6.0:::::::*
cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.7.7:::::::*
cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.0:::::::*
cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.1:::::::*
cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::		3.2.8.2223
cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::	3.3.0	3.3.4.3247
cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::	3.4.0	3.4.2.4181
cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.1.132:::::::*
cpe:2.3:a:oracle:transportation_management:6.3.0:::::::*
cpe:2.3:a:oracle:transportation_management:6.3.1:::::::*
cpe:2.3:a:oracle:transportation_management:6.3.2:::::::*
cpe:2.3:a:oracle:transportation_management:6.3.3:::::::*
cpe:2.3:a:oracle:transportation_management:6.3.4:::::::*
cpe:2.3:a:oracle:transportation_management:6.3.5:::::::*
cpe:2.3:a:oracle:transportation_management:6.3.6:::::::*
cpe:2.3:a:oracle:transportation_management:6.3.7:::::::*