CVE-2016-8735 in Database Serverthông tin

Tóm tắt

Bởi MITRE

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Đặt trước

18/10/2016

Tiết lộ

06/04/2017

Kiểm duyệt

được chấp nhận

mục

Liên hệ

hiển thị

CPE

sẵn sàng

CWE

CWE-284 (Đã xác nhận)

CVSS

9.8 (NVD)

EPSS

0.93809

KEV

có

Các hoạt động

rất thấp

ngành

Lawfirm, Transportation, ...

Nguồn

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-8735
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-8735
CVE Details	https://www.cvedetails.com/cve/CVE-2016-8735/

◂ Trước Tổng Quan Tiếp theo ▸

Do you need the next level of professionalism?

Upgrade your account now!