CVE-2016-8735 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Affected Products (NVD)

Vendor	Product	Version
apache	tomcat	𝑥 < 6.0.48
apache	tomcat	7.0.0 ≤ 𝑥 < 7.0.73
apache	tomcat	8.0 ≤ 𝑥 < 8.0.39
apache	tomcat	8.5.0 ≤ 𝑥 < 8.5.7
apache	tomcat	9.0.0
apache	tomcat	9.0.0:milestone1
apache	tomcat	9.0.0:milestone10
apache	tomcat	9.0.0:milestone11
apache	tomcat	9.0.0:milestone2
apache	tomcat	9.0.0:milestone3
apache	tomcat	9.0.0:milestone4
apache	tomcat	9.0.0:milestone5
apache	tomcat	9.0.0:milestone6
apache	tomcat	9.0.0:milestone7
apache	tomcat	9.0.0:milestone8
apache	tomcat	9.0.0:milestone9
canonical	ubuntu_linux	16.04
netapp	7-mode_transition_tool	-
netapp	oncommand_insight	-
netapp	oncommand_shift	-
netapp	snap_creator_framework	-
debian	debian_linux	8.0
redhat	jboss_enterprise_web_server	3.0.0
oracle	agile_engineering_data_management	6.1.3
oracle	agile_engineering_data_management	6.2.0
oracle	agile_engineering_data_management	6.2.1.0
oracle	agile_plm	9.3.5
oracle	agile_plm	9.3.6
oracle	communications_application_session_controller	3.7.1
oracle	communications_application_session_controller	3.8.0
oracle	communications_instant_messaging_server	10.0.1
oracle	communications_interactive_session_recorder	6.0
oracle	communications_interactive_session_recorder	6.1
oracle	communications_interactive_session_recorder	6.2
oracle	hospitality_guest_access	4.2.0
oracle	hospitality_guest_access	4.2.1
oracle	micros_relate_crm_software	10.8
oracle	micros_relate_crm_software	11.4
oracle	micros_retail_xbri_loss_prevention	10.0.1
oracle	micros_retail_xbri_loss_prevention	10.5.0
oracle	micros_retail_xbri_loss_prevention	10.6.0
oracle	micros_retail_xbri_loss_prevention	10.7.7
oracle	micros_retail_xbri_loss_prevention	10.8.0
oracle	micros_retail_xbri_loss_prevention	10.8.1
oracle	mysql_enterprise_monitor	𝑥 ≤ 3.2.8.2223
oracle	mysql_enterprise_monitor	3.3.0 ≤ 𝑥 ≤ 3.3.4.3247
oracle	mysql_enterprise_monitor	3.4.0 ≤ 𝑥 ≤ 3.4.2.4181
oracle	retail_convenience_and_fuel_pos_software	2.1.132
oracle	transportation_management	6.3.0
oracle	transportation_management	6.3.1
oracle	transportation_management	6.3.2
oracle	transportation_management	6.3.3
oracle	transportation_management	6.3.4
oracle	transportation_management	6.3.5
oracle	transportation_management	6.3.6
oracle	transportation_management	6.3.7

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

tomcat9

bookworm	9.0.70-2 fixed
bullseye	9.0.43-2~deb11u10 fixed
bullseye (security)	9.0.43-2~deb11u10 fixed
sid	9.0.95-1 fixed
trixie	9.0.95-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

tomcat6

artful	dne
bionic	dne
cosmic	dne
disco	dne
eoan	dne
focal	dne
groovy	dne
hirsute	dne
impish	dne
jammy	dne
kinetic	dne
lunar	dne
mantic	dne
noble	dne
precise	Fixed 6.0.35-1ubuntu3.9 released
trusty	needed
xenial	Fixed 6.0.45+dfsg-1ubuntu0.1 released
yakkety	dne
zesty	dne

tomcat7

artful	not-affected
bionic	not-affected
cosmic	not-affected
disco	dne
eoan	dne
focal	dne
groovy	dne
hirsute	dne
impish	dne
jammy	dne
kinetic	dne
lunar	dne
mantic	dne
noble	dne
precise	ignored
trusty	Fixed 7.0.52-1ubuntu0.8 released
xenial	Fixed 7.0.68-1ubuntu0.3 released
yakkety	ignored
zesty	not-affected

tomcat8

artful	Fixed 8.0.38-2ubuntu1 released
bionic	Fixed 8.0.38-2ubuntu1 released
cosmic	Fixed 8.0.38-2ubuntu1 released
disco	dne
eoan	dne
focal	dne
groovy	dne
hirsute	dne
impish	dne
jammy	dne
kinetic	dne
lunar	dne
mantic	dne
noble	dne
precise	dne
trusty	dne
xenial	Fixed 8.0.32-1ubuntu1.3 released
yakkety	Fixed 8.0.37-1ubuntu0.1 released
zesty	Fixed 8.0.38-2ubuntu1 released