CVE-2016-8735CISA KEVEPSS p99.8%

CVE-2016-8735Apache Tomcat Remote Code Execution Vulnerability

Apache / Tomcat

Description

Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension (JMX) ports. This CVE exists because this listener wasn't updated for consistency with the Oracle patched issues for CVE-2016-3427 which affected credential types.

Scoring

EPSS90.34% probability of exploitation · percentile 99.8% · 2026-06-16T12:03:06Z

CISA KEV entry

Added to KEV: 2023-05-12

(incoming)1

TypeTargetConfidenceTier
KEVEntryApache Tomcat Remote Code Execution Vulnerabilitykev-cve-2016-87350%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Apache Tomcat on Windows Remote Code Execution Vulnerability
CVE
Apache Tomcat Improper Privilege Management Vulnerability
CVE
Oracle Java SE and Java SE Embedded Remote Code Execution Vulnerability
CVE
Oracle Java SE and JRockit Unspecified Vulnerability
CVE
Oracle Corporation WebLogic Server Remote Code Execution Vulnerability
CVE
Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.