CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Jun 2, 2023
High
CISA KEVCVE-2016-8735
Apache—Tomcat
Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension (JMX) ports. This CVE exists because this listener wasn't updated for consistency with the Oracle patched issues for CVE-2016-3427 which affected credential types.
Required Action
https://tomcat.apache.org/security-9.html; https://nvd.nist.gov/vuln/detail/CVE-2016-8735
Vulnerability Overview
- Severity
- High
- CISA KEV
- Yes
- Ransomware
- Unknown
- Published
- May 12, 2023
- KEV Added
- May 12, 2023
- Due Date
- Jun 2, 2023
- Related Articles
- 0
Vendor
Apache
Tomcat