Miggo Logo

CVE-2016-8735:
Apache Tomcat Improper Access Control vulnerability

9.8

CVSS Score
3.0

Basic Information

EPSS Score
0.99879%
Published
5/13/2022
Updated
6/27/2024
KEV Status
Yes
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.apache.tomcat:tomcat-catalinamaven< 6.0.486.0.48
org.apache.tomcat:tomcat-catalinamaven>= 7.0.0, < 7.0.737.0.73
org.apache.tomcat:tomcat-catalinamaven>= 8.0.0, < 8.0.398.0.39
org.apache.tomcat:tomcat-catalinamaven>= 8.5.0, < 8.5.78.5.7
org.apache.tomcat:tomcat-catalinamaven>= 9.0.0.M1, < 9.0.0.M129.0.0.M12
org.apache.tomcat:tomcat-catalina-jmx-remotemaven< 6.0.486.0.48
org.apache.tomcat:tomcat-catalina-jmx-remotemaven>= 7.0.0, < 7.0.737.0.73
org.apache.tomcat:tomcat-catalina-jmx-remotemaven>= 8.0.0, < 8.0.398.0.39
org.apache.tomcat:tomcat-catalina-jmx-remotemaven>= 8.5.0, < 8.5.78.5.7
org.apache.tomcat:tomcat-catalina-jmx-remotemaven>= 9.0.0.M1, < 9.0.0.M129.0.0.M12

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis:
In progress

WAF Protection Rules

WAF Rule

R*mot* *o** *x**ution is possi*l* wit* *p**** Tom**t ***or* *.*.**, *.x ***or* *.*.**, *.x ***or* *.*.**, *.*.x ***or* *.*.*, *n* *.x ***or* *.*.*.M** i* JmxR*mot*Li***y*l*List*n*r is us** *n* *n *tt**k*r **n r**** JMX ports. T** issu* *xists ****us

Reasoning

No *n*lysis *v*il**l*