Finding #92 — CVE-2016-3427
| Inventory item | apache-test 2.4.37 (software, apache) |
|---|---|
| Title | Apache Tomcat: Apache Tomcat Remote Code Execution Vulnerability |
| Match | keyword / confidence low |
| Status | new |
| First seen | 2026-06-11T07:35:12Z |
| Last updated | 2026-06-11T07:35:12Z |
| CVE | CVE-2016-3427 KEV since 2023-05-12 |
| CVSS | not enriched yet (pending) |
| Description | Oracle Java SE and JRockit contains an unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Management Extensions (JMX). This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. |
| Source advisory | Apache Tomcat: Apache Tomcat Remote Code Execution Vulnerability Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension (JMX) ports. This CVE exists because this listener wasn't updated for consistency with the Oracle patched issues for CVE-2016-3427 which affected credential types. |