CVE-2016-8735

🗓️ 06 Apr 2017 21:00:00Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 1023 Views

Remote code execution in Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 due to JmxRemoteLifecycleListener vulnerability

Reporter	Title	Published	Views	Family All 154
IBM Security Bulletins	Security Bulletin: Apache Tomcat vulnerability affects IBM Storwize V7000 Unified (CVE-2016-6816, CVE-2016-6817, CVE-2016-8735 )	18 Jun 201800:32	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Business Intelligence Server 2017Q1 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities.	15 Jun 201823:17	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Insight (CVE-2016-6816, CVE-2016-8735)	17 Jun 201805:19	–	ibm
IBM Security Bulletins	Security Bulletin: Open Source Apache Tomcat Vulnerabilities (CVE-2016-6817, CVE-2016-8735, CVE-2016-6816)	15 Nov 201822:00	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities	16 Jun 202221:33	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Apache Tomcat vulnerabilities affect IBM SONAS.	18 Jun 201800:32	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Tomcat Vulnerabilities Affect IBM Sterling B2B Integrator	29 Apr 202502:11	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology	28 Apr 202118:35	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is vulnerable to using Components with Known Vulnerabilities	16 Jun 201822:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities (CVE-2016-8735, CVE-2016-6816)	18 Nov 201913:57	–	ibm

NVD

Vulners

Node

apache tomcatRange<6.0.48

apache tomcatRange7.0.0–7.0.73

apache tomcatRange8.0–8.0.39

apache tomcatRange8.5.0–8.5.7

apache tomcatMatch9.0.0-

apache tomcatMatch9.0.0milestone1

apache tomcatMatch9.0.0milestone10

apache tomcatMatch9.0.0milestone11

apache tomcatMatch9.0.0milestone2

apache tomcatMatch9.0.0milestone3

apache tomcatMatch9.0.0milestone4

apache tomcatMatch9.0.0milestone5

apache tomcatMatch9.0.0milestone6

apache tomcatMatch9.0.0milestone7

apache tomcatMatch9.0.0milestone8

apache tomcatMatch9.0.0milestone9

Node

canonical ubuntu_linuxMatch16.04esm

Node

netapp 7-mode_transition_toolMatch-

netapp oncommand_insightMatch-

netapp oncommand_shiftMatch-

netapp snap_creator_frameworkMatch-

Node

debian debian_linuxMatch8.0

Node

redhat jboss_enterprise_web_serverMatch3.0.0

Node

oracle agile_engineering_data_managementMatch6.1.3

oracle agile_engineering_data_managementMatch6.2.0

oracle agile_engineering_data_managementMatch6.2.1.0

oracle agile_plmMatch9.3.5

oracle agile_plmMatch9.3.6

oracle communications_application_session_controllerMatch3.7.1

oracle communications_application_session_controllerMatch3.8.0

oracle communications_instant_messaging_serverMatch10.0.1

oracle communications_interactive_session_recorderMatch6.0

oracle communications_interactive_session_recorderMatch6.1

oracle communications_interactive_session_recorderMatch6.2

oracle hospitality_guest_accessMatch4.2.0

oracle hospitality_guest_accessMatch4.2.1

oracle micros_relate_crm_softwareMatch10.8

oracle micros_relate_crm_softwareMatch11.4

oracle micros_retail_xbri_loss_preventionMatch10.0.1

oracle micros_retail_xbri_loss_preventionMatch10.5.0

oracle micros_retail_xbri_loss_preventionMatch10.6.0

oracle micros_retail_xbri_loss_preventionMatch10.7.7

oracle micros_retail_xbri_loss_preventionMatch10.8.0

oracle micros_retail_xbri_loss_preventionMatch10.8.1

oracle mysql_enterprise_monitorRange≤3.2.8.2223

oracle mysql_enterprise_monitorRange3.3.0–3.3.4.3247

oracle mysql_enterprise_monitorRange3.4.0–3.4.2.4181

oracle retail_convenience_and_fuel_pos_softwareMatch2.1.132

oracle transportation_managementMatch6.3.0

oracle transportation_managementMatch6.3.1

oracle transportation_managementMatch6.3.2

oracle transportation_managementMatch6.3.3

oracle transportation_managementMatch6.3.4

oracle transportation_managementMatch6.3.5

oracle transportation_managementMatch6.3.6

oracle transportation_managementMatch6.3.7

[
  {
    "product": "Apache Tomcat",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "before 6.0.48"
      },
      {
        "status": "affected",
        "version": "7.x before 7.0.73"
      },
      {
        "status": "affected",
        "version": "8.x before 8.0.39"
      },
      {
        "status": "affected",
        "version": "8.5.x before 8.5.7"
      },
      {
        "status": "affected",
        "version": "9.x before 9.0.0.M12"
      }
    ]
  }
]

Source	Link
access	www.access.redhat.com/errata/RHSA-2017:0455
access	www.access.redhat.com/errata/RHSA-2017:0456
svn	www.svn.apache.org/viewvc
security	www.security.netapp.com/advisory/ntap-20180607-0001/
lists	www.lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
svn	www.svn.apache.org/viewvc
tomcat	www.tomcat.apache.org/security-6.html
securitytracker	www.securitytracker.com/id/1037331
usn	www.usn.ubuntu.com/4557-1/
lists	www.lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

21 Apr 2026 17:03Current

8High risk

Vulners AI Score8

CVSS 27.5

CVSS 3.19.8

EPSS0.93809

SSVC

In Wild