Description

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.

Remediation

References

CVE-2016-8735

Related Vulnerabilities

WordPress Plugin Change Password and E-mail Cross-Site Scripting (1.0)

WordPress Plugin Subscribe To Comments Reloaded Multiple Vulnerabilities (140204)

WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk Cross-Site Scripting (5.127.3)

WordPress Plugin Safe SVG Denial of Service (1.9.4)

SharePoint CVE-2023-33129 Vulnerability (CVE-2023-33129)

Severity

Critical

Classification

CVE-2016-8735 CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities