Test Kennung:	1.3.6.1.4.1.25623.1.0.810966
Kategorie:	Web Servers
Titel:	Apache Tomcat RCE Vulnerability (Nov 2016)
Zusammenfassung:	Apache Tomcat is prone to a remote code execution (RCE); vulnerability.
Beschreibung:	Summary: Apache Tomcat is prone to a remote code execution (RCE) vulnerability. Vulnerability Insight: The flaw is due to an unspecified error in 'JmxRemoteLifecycleListener'. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary code. Affected Software/OS: Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12. Note: This issue exists if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. Solution: Update to version 6.0.48, 7.0.73, 8.0.39, 8.5.8, 9.0.0.M13 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-8735 BugTraq ID: 94463 http://www.securityfocus.com/bid/94463 Debian Security Information: DSA-3738 (Google Search) http://www.debian.org/security/2016/dsa-3738 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E RedHat Security Advisories: RHSA-2017:0455 https://access.redhat.com/errata/RHSA-2017:0455 RedHat Security Advisories: RHSA-2017:0456 https://access.redhat.com/errata/RHSA-2017:0456 RedHat Security Advisories: RHSA-2017:0457 http://rhn.redhat.com/errata/RHSA-2017-0457.html http://www.securitytracker.com/id/1037331 https://usn.ubuntu.com/4557-1/ Common Vulnerability Exposure (CVE) ID: CVE-2016-3427 BugTraq ID: 86421 http://www.securityfocus.com/bid/86421 Debian Security Information: DSA-3558 (Google Search) http://www.debian.org/security/2016/dsa-3558 https://security.gentoo.org/glsa/201606-18 https://lists.apache.org/thread.html/r5f48b16573a11fdf0b557cc3d1d71423ecde8ee771c29f32334fa948@%3Cdev.cassandra.apache.org%3E https://lists.apache.org/thread.html/rc3abf40b06c511d5693baf707d6444bf7745e6a1e343e6f530a12258@%3Cuser.cassandra.apache.org%3E http://www.openwall.com/lists/oss-security/2020/08/31/1 RedHat Security Advisories: RHSA-2016:0650 http://rhn.redhat.com/errata/RHSA-2016-0650.html RedHat Security Advisories: RHSA-2016:0651 http://rhn.redhat.com/errata/RHSA-2016-0651.html RedHat Security Advisories: RHSA-2016:0675 http://rhn.redhat.com/errata/RHSA-2016-0675.html RedHat Security Advisories: RHSA-2016:0676 http://rhn.redhat.com/errata/RHSA-2016-0676.html RedHat Security Advisories: RHSA-2016:0677 http://rhn.redhat.com/errata/RHSA-2016-0677.html RedHat Security Advisories: RHSA-2016:0678 http://rhn.redhat.com/errata/RHSA-2016-0678.html RedHat Security Advisories: RHSA-2016:0679 http://rhn.redhat.com/errata/RHSA-2016-0679.html RedHat Security Advisories: RHSA-2016:0701 http://rhn.redhat.com/errata/RHSA-2016-0701.html RedHat Security Advisories: RHSA-2016:0702 http://rhn.redhat.com/errata/RHSA-2016-0702.html RedHat Security Advisories: RHSA-2016:0708 http://rhn.redhat.com/errata/RHSA-2016-0708.html RedHat Security Advisories: RHSA-2016:0716 http://rhn.redhat.com/errata/RHSA-2016-0716.html RedHat Security Advisories: RHSA-2016:0723 http://rhn.redhat.com/errata/RHSA-2016-0723.html RedHat Security Advisories: RHSA-2016:1039 http://rhn.redhat.com/errata/RHSA-2016-1039.html RedHat Security Advisories: RHSA-2016:1430 https://access.redhat.com/errata/RHSA-2016:1430 RedHat Security Advisories: RHSA-2017:1216 https://access.redhat.com/errata/RHSA-2017:1216 http://www.securitytracker.com/id/1035596 SuSE Security Announcement: SUSE-SU-2016:1248 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html SuSE Security Announcement: SUSE-SU-2016:1250 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html SuSE Security Announcement: SUSE-SU-2016:1299 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html SuSE Security Announcement: SUSE-SU-2016:1300 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html SuSE Security Announcement: SUSE-SU-2016:1303 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html SuSE Security Announcement: SUSE-SU-2016:1378 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html SuSE Security Announcement: SUSE-SU-2016:1379 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html SuSE Security Announcement: SUSE-SU-2016:1388 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html SuSE Security Announcement: SUSE-SU-2016:1458 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html SuSE Security Announcement: SUSE-SU-2016:1475 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html SuSE Security Announcement: openSUSE-SU-2016:1222 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html SuSE Security Announcement: openSUSE-SU-2016:1230 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html SuSE Security Announcement: openSUSE-SU-2016:1235 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html SuSE Security Announcement: openSUSE-SU-2016:1262 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html SuSE Security Announcement: openSUSE-SU-2016:1265 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html http://www.ubuntu.com/usn/USN-2963-1 http://www.ubuntu.com/usn/USN-2964-1 http://www.ubuntu.com/usn/USN-2972-1
Copyright	Copyright (C) 2017 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.