CVE-2016-8735

Published: 06/04/2017 Updated: 05/10/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 670
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Remote code execution is possible with Apache Tomcat prior to 6.0.48, 7.x prior to 7.0.73, 8.x prior to 8.0.39, 8.5.x prior to 8.5.7, and 9.x prior to 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach the JMX ports. The issue exists because this listener was not updated for consistency with the Oracle patch for CVE-2016-3427, which changed the credential types accepted by JMX.

Vulnerable Products

apache tomcat 6.0.x: 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.17, 6.0.18, 6.0.19, 6.0.20, 6.0.21, 6.0.22, 6.0.23, 6.0.24, 6.0.25, 6.0.26, 6.0.27, 6.0.28, 6.0.29, 6.0.30, 6.0.31, 6.0.32, 6.0.33, 6.0.34, 6.0.35, 6.0.36, 6.0.37, 6.0.38, 6.0.39, 6.0.40, 6.0.41, 6.0.42, 6.0.43, 6.0.44, 6.0.45, 6.0.46, 6.0.47

apache tomcat 7.0.x: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.12, 7.0.13, 7.0.14, 7.0.15, 7.0.16, 7.0.17, 7.0.18, 7.0.19, 7.0.20, 7.0.21, 7.0.22, 7.0.23, 7.0.24, 7.0.25, 7.0.26, 7.0.27, 7.0.28, 7.0.29, 7.0.30, 7.0.31, 7.0.32, 7.0.33, 7.0.34, 7.0.35, 7.0.36, 7.0.37, 7.0.38, 7.0.39, 7.0.40, 7.0.41, 7.0.42, 7.0.43, 7.0.44, 7.0.45, 7.0.46, 7.0.47, 7.0.48, 7.0.49, 7.0.50, 7.0.51, 7.0.52, 7.0.53, 7.0.54, 7.0.55, 7.0.56, 7.0.57, 7.0.58, 7.0.59, 7.0.60, 7.0.61, 7.0.62, 7.0.63, 7.0.64, 7.0.65, 7.0.66, 7.0.67, 7.0.68, 7.0.69, 7.0.70, 7.0.71, 7.0.72

apache tomcat 8.0.x: 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.0.11, 8.0.12, 8.0.13, 8.0.14, 8.0.15, 8.0.16, 8.0.17, 8.0.18, 8.0.19, 8.0.20, 8.0.21, 8.0.22, 8.0.23, 8.0.24, 8.0.25, 8.0.26, 8.0.27, 8.0.28, 8.0.29, 8.0.30, 8.0.31, 8.0.32, 8.0.33, 8.0.34, 8.0.35, 8.0.36, 8.0.37, 8.0.38

apache tomcat 8.5.x: 8.5.0, 8.5.1, 8.5.2, 8.5.3, 8.5.4, 8.5.5, 8.5.6

apache tomcat 9.0.x: 9.0.0

Vendor Advisories

Synopsis: Important: Red Hat JBoss Web Server security and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Web Server. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System ...
CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests CVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener ...
The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution a ...
Multiple security vulnerabilities were discovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific maintainer scripts Those flaws allowed for privilege escalation, information disclosure, and remote code execution As part of this update, several regressions stemming from incomplete fixes for previous vulnerabilities were al ...
Arch Linux Security Advisory ASA-201611-22. Severity: High. Date: 2016-11-23. CVE-ID: CVE-2016-6816, CVE-2016-8735. Package: tomcat6. Type: multiple issues. Remote: Yes. Link: wiki.archlinux.org/index.php/CVE. Summary: The package tomcat6 before version 6.0.48-1 is vulnerable to m ...
Debian Bug report logs - #845385 CVE-2016-9775: privilege escalation via removal. Package: tomcat8; Maintainer for tomcat8 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for tomcat8 is src:tomcat8 (PTS, buildd, popcon). Reported by: Paul Szabo <paulszabo@sydney.edu.au>. Date: Tue, 22 ...
Debian Bug report logs - #845393 CVE-2016-9774: privilege escalation via upgrade. Package: tomcat8; Maintainer for tomcat8 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for tomcat8 is src:tomcat8 (PTS, buildd, popcon). Reported by: Paul Szabo <paulszabo@sydney.edu.au>. Date: Tue, 22 ...
USN-3177-1 introduced a regression in Tomcat ...
Several security issues were fixed in Tomcat ...
Oracle Solaris Third Party Bulletin - January 2017. Description: The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Up ...
Oracle Critical Patch Update Advisory - July 2018. Description: A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous C ...
Oracle Critical Patch Update Advisory - January 2018. Description: A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previou ...
Oracle Critical Patch Update Advisory - April 2017. Description: A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus ...
Oracle Critical Patch Update Advisory - October 2017. Description: A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the ...

Github Repositories

JexBoss: JBoss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool

JexBoss is a tool for testing and exploiting vulnerabilities in JBoss Application Server and other Java platforms, frameworks, applications, etc. Requirements: Python >= 2.7.x, urllib3, ipaddress. Installation on Linux/Mac: To install the latest version of JexBoss, please use the

jok3r

Jok3r is a Python3 CLI application which is aimed at helping penetration testers with network infrastructure and web black-box security tests.

Jok3r - Network and Web Pentest Framework

Jok3r is a Python3 CLI application aimed at helping penetration testers with network infrastructure and black-box web security tests. Its main objective is to save time on everything that can be automated on the network/web under audit, so as to spend more time on things that are more

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

Jok3r v3 beta Network & Web Pentest Automation Framework. www.jok3r-framework.com. WARNING: Project is still in version 3 BETA. It is still under active development and bugs might be present. Many tests are going on: see github.com/koutto/jok3r/blob/master/tests/TESTS.rst. Ideas, bug reports, contributions are welcome! Overview, Features, Demos, Architecture

红方人员作战执行手册 (Red Team Operations Execution Manual)

Red Team Practical Manual. Statement. Author: By klion. Date: 2020.2.15. Message: May every day after 2020 go well. Reason for sharing: First, to provide a more comprehensive and practical reference for both the "attack" and "defense" sides. As the old saying goes, "without knowing attack, how can one know defense"; anyone who speaks only of "attack" or only of "defense" is talking nonsense; attack and defense go together

Information gathering; host information gathering; sensitive directory and file collection; directory brute-forcing; wordlists; BurpSuite; search engine syntax; Google Hack; DuckDuckGo (can search Weibo, Renren and other sites that block mainstream search engines); Bing; JS files leaking back-end or API information; quick search of third-party resources; findjs; robots.txt; directory listing enabled (autoindex); IIS short file names; IIS-ShortName-Scanner

Cyber Security MOOC Unsecure project

LINK: github.com/ilmari666/cybsec. Based on the Springboot-template as per course material that can be installed and run with suitably configured Netbeans and Maven. Five flaws as per www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf. This document can be read at github.com/ilmari666/cybsec/blob/master/README.md. FLAW 1: A2:2017 Broken Authentica

The cheat sheet about Java Deserialization vulnerabilities

Java-Deserialization-Cheat-Sheet: A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries. Please use the #javadeser hashtag for tweets. Table of contents: Java Native Serialization (binary), Overview, Main talks & presentations & docs, Payload generators, Exploits, Detect, Vulnerable apps (without

Compiled dataset of Java deserialization CVEs

Java-Deserialization-CVEs: This is a dataset of CVEs related to Java Deserialization. Since existing CVE databases do not allow for granular searches by vulnerability type and language, this list was compiled by manually searching the NIST NVD CVE database with different queries. If you notice any discrepancies, contributions are very welcome! CVE ID, Year, CVSS 3/31 risk, CV

References

CWE-284
http://tomcat.apache.org/security-9.html
http://tomcat.apache.org/security-8.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-6.html
http://svn.apache.org/viewvc?view=revision&revision=1767684
http://svn.apache.org/viewvc?view=revision&revision=1767676
http://svn.apache.org/viewvc?view=revision&revision=1767656
http://svn.apache.org/viewvc?view=revision&revision=1767644
http://seclists.org/oss-sec/2016/q4/502
http://www.securityfocus.com/bid/94463
http://www.securitytracker.com/id/1037331
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.debian.org/security/2016/dsa-3738
https://access.redhat.com/errata/RHSA-2017:0456
https://access.redhat.com/errata/RHSA-2017:0455
http://rhn.redhat.com/errata/RHSA-2017-0457.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
https://security.netapp.com/advisory/ntap-20180607-0001/
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
https://usn.ubuntu.com/4557-1/
https://tools.cisco.com/security/center/viewAlert.x?alertId=49851
https://nvd.nist.gov
https://github.com/joaomatosf/jexboss
https://usn.ubuntu.com/3177-2/