CVE-2016-8735

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2017-0457.html	Third Party Advisory
http://seclists.org/oss-sec/2016/q4/502	Mailing List Mitigation Third Party Advisory
http://svn.apache.org/viewvc?view=revision&revision=1767644	Patch
http://svn.apache.org/viewvc?view=revision&revision=1767656	Patch
http://svn.apache.org/viewvc?view=revision&revision=1767676	Patch
http://svn.apache.org/viewvc?view=revision&revision=1767684	Patch
http://tomcat.apache.org/security-6.html	Release Notes Vendor Advisory
http://tomcat.apache.org/security-7.html	Release Notes Vendor Advisory
http://tomcat.apache.org/security-8.html	Release Notes Vendor Advisory
http://tomcat.apache.org/security-9.html	Release Notes Vendor Advisory
http://www.debian.org/security/2016/dsa-3738	Mailing List Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	Patch Third Party Advisory
http://www.securityfocus.com/bid/94463	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037331	Broken Link Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:0455	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0456	Third Party Advisory
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://security.netapp.com/advisory/ntap-20180607-0001/	Third Party Advisory
https://usn.ubuntu.com/4557-1/	Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	Patch Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat:9.0.0:-::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone1::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone10::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone11::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone2::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone3::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone4::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone5::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone6::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone7::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone8::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone9::::::

Configuration 2 (hide)

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:netapp:7-mode_transition_tool:-:::::::*
	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:oncommand_shift:-:::::::*
	cpe:2.3:a:netapp:snap_creator_framework:-:::::::*

Configuration 4 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*

Configuration 6 (hide)

OR	cpe:2.3:a:oracle:agile_engineering_data_management:6.1.3:::::::*
	cpe:2.3:a:oracle:agile_engineering_data_management:6.2.0:::::::*
	cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:::::::*
	cpe:2.3:a:oracle:agile_plm:9.3.5:::::::*
	cpe:2.3:a:oracle:agile_plm:9.3.6:::::::*
	cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:::::::*
	cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:::::::*
	cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1:::::::*
	cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:::::::*
	cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:::::::*
	cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:::::::*
	cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:::::::*
	cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:::::::*
	cpe:2.3:a:oracle:micros_relate_crm_software:10.8:::::::*
	cpe:2.3:a:oracle:micros_relate_crm_software:11.4:::::::*
	cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.0.1:::::::*
	cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.5.0:::::::*
	cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.6.0:::::::*
	cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.7.7:::::::*
	cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.0:::::::*
	cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.1:::::::*
	cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::
	cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::
	cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::
	cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.1.132:::::::*
	cpe:2.3:a:oracle:transportation_management:6.3.0:::::::*
	cpe:2.3:a:oracle:transportation_management:6.3.1:::::::*
	cpe:2.3:a:oracle:transportation_management:6.3.2:::::::*
	cpe:2.3:a:oracle:transportation_management:6.3.3:::::::*
	cpe:2.3:a:oracle:transportation_management:6.3.4:::::::*
	cpe:2.3:a:oracle:transportation_management:6.3.5:::::::*
	cpe:2.3:a:oracle:transportation_management:6.3.6:::::::*
	cpe:2.3:a:oracle:transportation_management:6.3.7:::::::*

History

27 Jun 2024, 19:23

07 Nov 2023, 02:36

Type	Values Removed	Values Added
References	{'url': 'https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/', 'tags': [], 'refsource': 'MLIST'}	() https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E -

Information

Published : 2017-04-06 21:59

Updated : 2024-06-27 19:23

NVD link : CVE-2016-8735

Mitre link : CVE-2016-8735

CVE.ORG link : CVE-2016-8735

JSON object : View

Products Affected

oracle

communications_interactive_session_recorder
micros_retail_xbri_loss_prevention
agile_engineering_data_management
mysql_enterprise_monitor
micros_relate_crm_software
communications_instant_messaging_server
transportation_management
agile_plm
communications_application_session_controller
hospitality_guest_access
retail_convenience_and_fuel_pos_software

debian

debian_linux

redhat

jboss_enterprise_web_server

netapp

7-mode_transition_tool
snap_creator_framework
oncommand_shift
oncommand_insight

canonical

ubuntu_linux

apache

tomcat

CWE

NVD-CWE-noinfo

Type	Values Removed	Values Added
First Time		Oracle transportation Management Oracle communications Interactive Session Recorder Oracle communications Application Session Controller Netapp oncommand Shift Netapp snap Creator Framework Oracle micros Retail Xbri Loss Prevention Canonical Debian debian Linux Oracle communications Instant Messaging Server Netapp Netapp oncommand Insight Oracle Redhat jboss Enterprise Web Server Debian Oracle micros Relate Crm Software Redhat Canonical ubuntu Linux Oracle agile Plm Netapp 7-mode Transition Tool Oracle hospitality Guest Access Oracle agile Engineering Data Management Oracle retail Convenience And Fuel Pos Software Oracle mysql Enterprise Monitor
CWE	~~CWE-284~~	NVD-CWE-noinfo
CPE	cpe:2.3:a:apache:tomcat:7.0.51:::::::* cpe:2.3:a:apache:tomcat:7.0.9:::::::* cpe:2.3:a:apache:tomcat:6.0.21:::::::* cpe:2.3:a:apache:tomcat:7.0.11:::::::* cpe:2.3:a:apache:tomcat:6.0.43:::::::* cpe:2.3:a:apache:tomcat:7.0.25:::::::* cpe:2.3:a:apache:tomcat:8.0.11:::::::* cpe:2.3:a:apache:tomcat:7.0.34:::::::* cpe:2.3:a:apache:tomcat:6.0.39:::::::* cpe:2.3:a:apache:tomcat:8.5.6:::::::* cpe:2.3:a:apache:tomcat:8.0.27:::::::* cpe:2.3:a:apache:tomcat:6.0.23:::::::* cpe:2.3:a:apache:tomcat:8.0.33:::::::* cpe:2.3:a:apache:tomcat:7.0.18:::::::* cpe:2.3:a:apache:tomcat:6.0.45:::::::* cpe:2.3:a:apache:tomcat:6.0.20:::::::* cpe:2.3:a:apache:tomcat:6.0.16:::::::* cpe:2.3:a:apache:tomcat:8.0.28:::::::* cpe:2.3:a:apache:tomcat:7.0.48:::::::* cpe:2.3:a:apache:tomcat:8.0.4:::::::* cpe:2.3:a:apache:tomcat:8.0.32:::::::* cpe:2.3:a:apache:tomcat:8.5.3:::::::* cpe:2.3:a:apache:tomcat:8.0.17:::::::* cpe:2.3:a:apache:tomcat:6.0.7:::::::* cpe:2.3:a:apache:tomcat:7.0.67:::::::* cpe:2.3:a:apache:tomcat:6.0.0:::::::* cpe:2.3:a:apache:tomcat:6.0.3:::::::* cpe:2.3:a:apache:tomcat:7.0.55:::::::* cpe:2.3:a:apache:tomcat:6.0.40:::::::* cpe:2.3:a:apache:tomcat:6.0.1:::::::* cpe:2.3:a:apache:tomcat:7.0.66:::::::* cpe:2.3:a:apache:tomcat:7.0.14:::::::* cpe:2.3:a:apache:tomcat:7.0.41:::::::* cpe:2.3:a:apache:tomcat:8.0.21:::::::* cpe:2.3:a:apache:tomcat:6.0.35:::::::* cpe:2.3:a:apache:tomcat:6.0.42:::::::* cpe:2.3:a:apache:tomcat:6.0.18:::::::* cpe:2.3:a:apache:tomcat:8.0.26:::::::* cpe:2.3:a:apache:tomcat:7.0.64:::::::* cpe:2.3:a:apache:tomcat:8.0.20:::::::* cpe:2.3:a:apache:tomcat:7.0.5:::::::* cpe:2.3:a:apache:tomcat:7.0.31:::::::* cpe:2.3:a:apache:tomcat:8.0.14:::::::* cpe:2.3:a:apache:tomcat:8.0.37:::::::* cpe:2.3:a:apache:tomcat:8.5.2:::::::* cpe:2.3:a:apache:tomcat:7.0.43:::::::* cpe:2.3:a:apache:tomcat:6.0.10:::::::* cpe:2.3:a:apache:tomcat:6.0.30:::::::* cpe:2.3:a:apache:tomcat:6.0.11:::::::* cpe:2.3:a:apache:tomcat:6.0.41:::::::* cpe:2.3:a:apache:tomcat:7.0.49:::::::* cpe:2.3:a:apache:tomcat:6.0.44:::::::* cpe:2.3:a:apache:tomcat:7.0.62:::::::* cpe:2.3:a:apache:tomcat:6.0.29:::::::* cpe:2.3:a:apache:tomcat:6.0.5:::::::* cpe:2.3:a:apache:tomcat:7.0.69:::::::* cpe:2.3:a:apache:tomcat:6.0.32:::::::* cpe:2.3:a:apache:tomcat:8.0.9:::::::* cpe:2.3:a:apache:tomcat:7.0.65:::::::* cpe:2.3:a:apache:tomcat:8.0.13:::::::* cpe:2.3:a:apache:tomcat:7.0.38:::::::* cpe:2.3:a:apache:tomcat:7.0.1:::::::* cpe:2.3:a:apache:tomcat:7.0.4:::::::* cpe:2.3:a:apache:tomcat:6.0.24:::::::* cpe:2.3:a:apache:tomcat:7.0.24:::::::* cpe:2.3:a:apache:tomcat:7.0.68:::::::* cpe:2.3:a:apache:tomcat:7.0.29:::::::* cpe:2.3:a:apache:tomcat:8.0.34:::::::* cpe:2.3:a:apache:tomcat:7.0.32:::::::* cpe:2.3:a:apache:tomcat:6.0.17:::::::* cpe:2.3:a:apache:tomcat:8.0.7:::::::* cpe:2.3:a:apache:tomcat:7.0.20:::::::* cpe:2.3:a:apache:tomcat:6.0.27:::::::* cpe:2.3:a:apache:tomcat:7.0.13:::::::* cpe:2.3:a:apache:tomcat:8.0.24:::::::* cpe:2.3:a:apache:tomcat:7.0.8:::::::* cpe:2.3:a:apache:tomcat:7.0.37:::::::* cpe:2.3:a:apache:tomcat:7.0.39:::::::* cpe:2.3:a:apache:tomcat:8.0.12:::::::* cpe:2.3:a:apache:tomcat:8.0.22:::::::* cpe:2.3:a:apache:tomcat:8.0.38:::::::* cpe:2.3:a:apache:tomcat:7.0.60:::::::* cpe:2.3:a:apache:tomcat:7.0.50:::::::* cpe:2.3:a:apache:tomcat:6.0.12:::::::* cpe:2.3:a:apache:tomcat:7.0.2:::::::* cpe:2.3:a:apache:tomcat:7.0.57:::::::* cpe:2.3:a:apache:tomcat:7.0.63:::::::* cpe:2.3:a:apache:tomcat:8.0.19:::::::* cpe:2.3:a:apache:tomcat:7.0.53:::::::* cpe:2.3:a:apache:tomcat:8.0.16:::::::* cpe:2.3:a:apache:tomcat:7.0.30:::::::* cpe:2.3:a:apache:tomcat:6.0.38:::::::* cpe:2.3:a:apache:tomcat:7.0.42:::::::* cpe:2.3:a:apache:tomcat:6.0.8:::::::* cpe:2.3:a:apache:tomcat:7.0.7:::::::* cpe:2.3:a:apache:tomcat:8.0.2:::::::* cpe:2.3:a:apache:tomcat:7.0.59:::::::* cpe:2.3:a:apache:tomcat:6.0.25:::::::* cpe:2.3:a:apache:tomcat:7.0.52:::::::* cpe:2.3:a:apache:tomcat:6.0.33:::::::* cpe:2.3:a:apache:tomcat:7.0.10:::::::* cpe:2.3:a:apache:tomcat:7.0.44:::::::* cpe:2.3:a:apache:tomcat:7.0.3:::::::* cpe:2.3:a:apache:tomcat:7.0.22:::::::* cpe:2.3:a:apache:tomcat:8.0.1:::::::* cpe:2.3:a:apache:tomcat:7.0.17:::::::* cpe:2.3:a:apache:tomcat:6.0.13:::::::* cpe:2.3:a:apache:tomcat:6.0.2:::::::* cpe:2.3:a:apache:tomcat:8.0.23:::::::* cpe:2.3:a:apache:tomcat:8.0.5:::::::* cpe:2.3:a:apache:tomcat:7.0.27:::::::* cpe:2.3:a:apache:tomcat:8.0.35:::::::* cpe:2.3:a:apache:tomcat:8.5.5:::::::* cpe:2.3:a:apache:tomcat:7.0.71:::::::* cpe:2.3:a:apache:tomcat:6.0.15:::::::* cpe:2.3:a:apache:tomcat:7.0.33:::::::* cpe:2.3:a:apache:tomcat:7.0.47:::::::* cpe:2.3:a:apache:tomcat:8.0.31:::::::* cpe:2.3:a:apache:tomcat:8.0.30:::::::* cpe:2.3:a:apache:tomcat:6.0.6:::::::* cpe:2.3:a:apache:tomcat:6.0.14:::::::* cpe:2.3:a:apache:tomcat:6.0.26:::::::* cpe:2.3:a:apache:tomcat:7.0.16:::::::* cpe:2.3:a:apache:tomcat:7.0.54:::::::* cpe:2.3:a:apache:tomcat:8.5.0:::::::* cpe:2.3:a:apache:tomcat:7.0.15:::::::* cpe:2.3:a:apache:tomcat:7.0.0:::::::* cpe:2.3:a:apache:tomcat:6.0.9:::::::* cpe:2.3:a:apache:tomcat:8.0.29:::::::* cpe:2.3:a:apache:tomcat:6.0.19:::::::* cpe:2.3:a:apache:tomcat:7.0.6:::::::* cpe:2.3:a:apache:tomcat:7.0.36:::::::* cpe:2.3:a:apache:tomcat:7.0.40:::::::* cpe:2.3:a:apache:tomcat:8.0.8:::::::* cpe:2.3:a:apache:tomcat:7.0.56:::::::* cpe:2.3:a:apache:tomcat:7.0.19:::::::* cpe:2.3:a:apache:tomcat:6.0.22:::::::* cpe:2.3:a:apache:tomcat:6.0.47:::::::* cpe:2.3:a:apache:tomcat:6.0.36:::::::* cpe:2.3:a:apache:tomcat:8.0.18:::::::* cpe:2.3:a:apache:tomcat:7.0.45:::::::* cpe:2.3:a:apache:tomcat:8.0.10:::::::* cpe:2.3:a:apache:tomcat:7.0.21:::::::* cpe:2.3:a:apache:tomcat:7.0.58:::::::* cpe:2.3:a:apache:tomcat:7.0.61:::::::* cpe:2.3:a:apache:tomcat:8.0.6:::::::* cpe:2.3:a:apache:tomcat:7.0.26:::::::* cpe:2.3:a:apache:tomcat:6.0.37:::::::* cpe:2.3:a:apache:tomcat:6.0.28:::::::* cpe:2.3:a:apache:tomcat:8.0.25:::::::* cpe:2.3:a:apache:tomcat:8.0.36:::::::* cpe:2.3:a:apache:tomcat:6.0.4:::::::* cpe:2.3:a:apache:tomcat:8.0.3:::::::* cpe:2.3:a:apache:tomcat:6.0.34:::::::* cpe:2.3:a:apache:tomcat:7.0.72:::::::* cpe:2.3:a:apache:tomcat:7.0.23:::::::* cpe:2.3:a:apache:tomcat:6.0.31:::::::* cpe:2.3:a:apache:tomcat:8.5.1:::::::* cpe:2.3:a:apache:tomcat:8.5.4:::::::* cpe:2.3:a:apache:tomcat:6.0.46:::::::* cpe:2.3:a:apache:tomcat:7.0.28:::::::* cpe:2.3:a:apache:tomcat:8.0.15:::::::* cpe:2.3:a:apache:tomcat:7.0.35:::::::* cpe:2.3:a:apache:tomcat:7.0.46:::::::* cpe:2.3:a:apache:tomcat:8.0.0:::::::* cpe:2.3:a:apache:tomcat:7.0.12:::::::* cpe:2.3:a:apache:tomcat:7.0.70:::::::*	cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.1:::::::* cpe:2.3:a:oracle:agile_plm:9.3.5:::::::* cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1:::::::* cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:::::::* cpe:2.3:a:netapp:7-mode_transition_tool:-:::::::* cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.5.0:::::::* cpe:2.3:a:oracle:agile_engineering_data_management:6.1.3:::::::* cpe:2.3:a:oracle:agile_engineering_data_management:6.2.0:::::::* cpe:2.3:a:netapp:oncommand_insight:-:::::::* cpe:2.3:a:oracle:mysql_enterprise_monitor:::::::: cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.0:::::::* cpe:2.3:a:oracle:transportation_management:6.3.5:::::::* cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:::::::* cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.0.1:::::::* cpe:2.3:a:oracle:agile_plm:9.3.6:::::::* cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:::::::* cpe:2.3:a:oracle:transportation_management:6.3.6:::::::* cpe:2.3:a:apache:tomcat:::::::: cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:::::::* cpe:2.3:a:apache:tomcat:9.0.0:-:::::: cpe:2.3:a:oracle:transportation_management:6.3.0:::::::* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:::::::* cpe:2.3:o:debian:debian_linux:8.0:::::::* cpe:2.3:a:oracle:micros_relate_crm_software:10.8:::::::* cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.1.132:::::::* cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:::::::* cpe:2.3:a:oracle:transportation_management:6.3.4:::::::* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:::::::* cpe:2.3:a:oracle:transportation_management:6.3.3:::::::* cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:::::::* cpe:2.3:a:oracle:transportation_management:6.3.1:::::::* cpe:2.3:a:oracle:transportation_management:6.3.7:::::::* cpe:2.3:a:oracle:transportation_management:6.3.2:::::::* cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm::: cpe:2.3:a:oracle:micros_relate_crm_software:11.4:::::::* cpe:2.3:a:netapp:snap_creator_framework:-:::::::* cpe:2.3:a:netapp:oncommand_shift:-:::::::* cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.7.7:::::::* cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:::::::* cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.6.0:::::::*
References	~~() http://rhn.redhat.com/errata/RHSA-2017-0457.html -~~	() http://rhn.redhat.com/errata/RHSA-2017-0457.html - Third Party Advisory
References	~~() http://svn.apache.org/viewvc?view=revision&revision=1767644 - Issue Tracking, Patch, Third Party Advisory~~	() http://svn.apache.org/viewvc?view=revision&revision=1767644 - Patch
References	~~() http://svn.apache.org/viewvc?view=revision&revision=1767656 - Issue Tracking, Patch, Third Party Advisory~~	() http://svn.apache.org/viewvc?view=revision&revision=1767656 - Patch
References	~~() http://svn.apache.org/viewvc?view=revision&revision=1767676 - Issue Tracking, Patch, Third Party Advisory~~	() http://svn.apache.org/viewvc?view=revision&revision=1767676 - Patch
References	~~() http://svn.apache.org/viewvc?view=revision&revision=1767684 - Issue Tracking, Patch, Third Party Advisory~~	() http://svn.apache.org/viewvc?view=revision&revision=1767684 - Patch
References	~~() http://www.debian.org/security/2016/dsa-3738 -~~	() http://www.debian.org/security/2016/dsa-3738 - Mailing List, Third Party Advisory
References	~~() http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html -~~	() http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html - Patch, Third Party Advisory
References	~~() http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html -~~	() http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html - Patch, Third Party Advisory
References	~~() http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html -~~	() http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - Patch, Third Party Advisory
References	~~() http://www.securityfocus.com/bid/94463 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/94463 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.securitytracker.com/id/1037331 -~~	() http://www.securitytracker.com/id/1037331 - Broken Link, Third Party Advisory, VDB Entry
References	~~() https://access.redhat.com/errata/RHSA-2017:0455 -~~	() https://access.redhat.com/errata/RHSA-2017:0455 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2017:0456 -~~	() https://access.redhat.com/errata/RHSA-2017:0456 - Third Party Advisory
References	~~() https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://security.netapp.com/advisory/ntap-20180607-0001/ -~~	() https://security.netapp.com/advisory/ntap-20180607-0001/ - Third Party Advisory
References	~~() https://usn.ubuntu.com/4557-1/ -~~	() https://usn.ubuntu.com/4557-1/ - Third Party Advisory
References	~~() https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html -~~	() https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html - Patch, Third Party Advisory
References	~~() https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html -~~	() https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html - Patch, Third Party Advisory

9.8 /10