Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Apache Tomcat CVE-2016-8735 Vulnerability (CVE-2016-8735)

Description

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.

Remediation

References

Related Vulnerabilities

WordPress Plugin CiviCRM Multiple Cross-Site Scripting Vulnerabilities (5.35.0)

Oracle Application Server CVE-2008-2609 Vulnerability (CVE-2008-2609)

WordPress Plugin Sina Extension for Elementor Local File Inclusion (2.2.0)

Oracle JRE CVE-2018-2795 Vulnerability (CVE-2018-2795)

WordPress Plugin DMCA WaterMarker Cross-Site Scripting (1.0)

Severity

Critical

Classification

CVE-2016-8735 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities