CVE-2016-8735

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2017-0457.html	Third Party Advisory
http://seclists.org/oss-sec/2016/q4/502	Mailing List Mitigation Third Party Advisory
http://svn.apache.org/viewvc?view=revision&revision=1767644	Patch Broken Link
http://svn.apache.org/viewvc?view=revision&revision=1767656	Patch Broken Link
http://svn.apache.org/viewvc?view=revision&revision=1767676	Patch Broken Link
http://svn.apache.org/viewvc?view=revision&revision=1767684	Patch Broken Link
http://tomcat.apache.org/security-6.html	Release Notes Vendor Advisory
http://tomcat.apache.org/security-7.html	Release Notes Vendor Advisory
http://tomcat.apache.org/security-8.html	Release Notes Vendor Advisory
http://tomcat.apache.org/security-9.html	Release Notes Vendor Advisory
http://www.debian.org/security/2016/dsa-3738	Mailing List Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	Patch Third Party Advisory
http://www.securityfocus.com/bid/94463	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037331	Broken Link Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:0455	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0456	Third Party Advisory
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://security.netapp.com/advisory/ntap-20180607-0001/	Third Party Advisory
https://usn.ubuntu.com/4557-1/	Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	Patch Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Patch Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0457.html	Third Party Advisory
http://seclists.org/oss-sec/2016/q4/502	Mailing List Mitigation Third Party Advisory
http://svn.apache.org/viewvc?view=revision&revision=1767644	Patch Broken Link
http://svn.apache.org/viewvc?view=revision&revision=1767656	Patch Broken Link
http://svn.apache.org/viewvc?view=revision&revision=1767676	Patch Broken Link
http://svn.apache.org/viewvc?view=revision&revision=1767684	Patch Broken Link
http://tomcat.apache.org/security-6.html	Release Notes Vendor Advisory
http://tomcat.apache.org/security-7.html	Release Notes Vendor Advisory
http://tomcat.apache.org/security-8.html	Release Notes Vendor Advisory
http://tomcat.apache.org/security-9.html	Release Notes Vendor Advisory
http://www.debian.org/security/2016/dsa-3738	Mailing List Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	Patch Third Party Advisory
http://www.securityfocus.com/bid/94463	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037331	Broken Link Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:0455	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0456	Third Party Advisory
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://security.netapp.com/advisory/ntap-20180607-0001/	Third Party Advisory
https://usn.ubuntu.com/4557-1/	Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	Patch Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat:9.0.0:-::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone1::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone10::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone11::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone2::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone3::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone4::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone5::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone6::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone7::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone8::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone9::::::

Configuration 2 (hide)

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:netapp:7-mode_transition_tool:-:::::::*
	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:oncommand_shift:-:::::::*
	cpe:2.3:a:netapp:snap_creator_framework:-:::::::*

Configuration 4 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*

Configuration 6 (hide)

OR	cpe:2.3:a:oracle:agile_engineering_data_management:6.1.3:::::::*
	cpe:2.3:a:oracle:agile_engineering_data_management:6.2.0:::::::*
	cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:::::::*
	cpe:2.3:a:oracle:agile_plm:9.3.5:::::::*
	cpe:2.3:a:oracle:agile_plm:9.3.6:::::::*
	cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:::::::*
	cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:::::::*
	cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1:::::::*
	cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:::::::*
	cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:::::::*
	cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:::::::*
	cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:::::::*
	cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:::::::*
	cpe:2.3:a:oracle:micros_relate_crm_software:10.8:::::::*
	cpe:2.3:a:oracle:micros_relate_crm_software:11.4:::::::*
	cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.0.1:::::::*
	cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.5.0:::::::*
	cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.6.0:::::::*
	cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.7.7:::::::*
	cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.0:::::::*
	cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.1:::::::*
	cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::
	cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::
	cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::
	cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.1.132:::::::*
	cpe:2.3:a:oracle:transportation_management:6.3.0:::::::*
	cpe:2.3:a:oracle:transportation_management:6.3.1:::::::*
	cpe:2.3:a:oracle:transportation_management:6.3.2:::::::*
	cpe:2.3:a:oracle:transportation_management:6.3.3:::::::*
	cpe:2.3:a:oracle:transportation_management:6.3.4:::::::*
	cpe:2.3:a:oracle:transportation_management:6.3.5:::::::*
	cpe:2.3:a:oracle:transportation_management:6.3.6:::::::*
	cpe:2.3:a:oracle:transportation_management:6.3.7:::::::*

History

13 Mar 2025, 21:00

Type	Values Removed	Values Added
References	~~() http://svn.apache.org/viewvc?view=revision&revision=1767644 - Patch~~	() http://svn.apache.org/viewvc?view=revision&revision=1767644 - Patch, Broken Link
References	~~() http://svn.apache.org/viewvc?view=revision&revision=1767656 - Patch~~	() http://svn.apache.org/viewvc?view=revision&revision=1767656 - Patch, Broken Link
References	~~() http://svn.apache.org/viewvc?view=revision&revision=1767676 - Patch~~	() http://svn.apache.org/viewvc?view=revision&revision=1767676 - Patch, Broken Link
References	~~() http://svn.apache.org/viewvc?view=revision&revision=1767684 - Patch~~	() http://svn.apache.org/viewvc?view=revision&revision=1767684 - Patch, Broken Link

21 Nov 2024, 02:59

27 Jun 2024, 19:23

08 Dec 2023, 16:41

Type	Values Removed	Values Added
CPE	cpe:2.3:a:apache:tomcat:9.0.0:m11:::::: cpe:2.3:a:apache:tomcat:9.0.0:m1:::::: cpe:2.3:a:apache:tomcat:9.0.0:m6:::::: cpe:2.3:a:apache:tomcat:9.0.0:m3:::::: cpe:2.3:a:apache:tomcat:9.0.0:m4:::::: cpe:2.3:a:apache:tomcat:9.0.0:m10:::::: cpe:2.3:a:apache:tomcat:9.0.0:m8:::::: cpe:2.3:a:apache:tomcat:9.0.0:m5:::::: cpe:2.3:a:apache:tomcat:9.0.0:m7:::::: cpe:2.3:a:apache:tomcat:9.0.0:m9:::::: cpe:2.3:a:apache:tomcat:9.0.0:m2::::::	cpe:2.3:a:apache:tomcat:9.0.0:milestone6:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone4:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone11:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone5:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone3:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone8:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone7:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone10:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone2:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone1:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone9::::::

Information

Published : 2017-04-06 21:59

Updated : 2025-04-20 01:37

NVD link : CVE-2016-8735

Mitre link : CVE-2016-8735

CVE.ORG link : CVE-2016-8735

JSON object : View

Products Affected

oracle

micros_retail_xbri_loss_prevention
micros_relate_crm_software
agile_engineering_data_management
communications_interactive_session_recorder
retail_convenience_and_fuel_pos_software
transportation_management
communications_instant_messaging_server
mysql_enterprise_monitor
agile_plm
hospitality_guest_access
communications_application_session_controller

netapp

oncommand_shift
snap_creator_framework
oncommand_insight
7-mode_transition_tool

debian

debian_linux

redhat

jboss_enterprise_web_server

apache

tomcat

canonical

ubuntu_linux

CWE

NVD-CWE-noinfo

{"id": "CVE-2016-8735", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-04-06T21:59:00.243", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "http://seclists.org/oss-sec/2016/q4/502", "tags": ["Mailing List", "Mitigation", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1767644", "tags": ["Patch", "Broken Link"], "source": "security@apache.org"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1767656", "tags": ["Patch", "Broken Link"], "source": "security@apache.org"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1767676", "tags": ["Patch", "Broken Link"], "source": "security@apache.org"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1767684", "tags": ["Patch", "Broken Link"], "source": "security@apache.org"}, {"url": "http://tomcat.apache.org/security-6.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "http://tomcat.apache.org/security-7.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "http://tomcat.apache.org/security-8.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "http://tomcat.apache.org/security-9.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "http://www.debian.org/security/2016/dsa-3738", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "tags": ["Patch", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "tags": ["Patch", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "tags": ["Patch", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "http://www.securityfocus.com/bid/94463", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "security@apache.org"}, {"url": "http://www.securitytracker.com/id/1037331", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "security@apache.org"}, {"url": "https://access.redhat.com/errata/RHSA-2017:0455", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://access.redhat.com/errata/RHSA-2017:0456", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "security@apache.org"}, {"url": "https://security.netapp.com/advisory/ntap-20180607-0001/", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://usn.ubuntu.com/4557-1/", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "tags": ["Patch", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "tags": ["Patch", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/oss-sec/2016/q4/502", "tags": ["Mailing List", "Mitigation", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1767644", "tags": ["Patch", "Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1767656", "tags": ["Patch", "Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1767676", "tags": ["Patch", "Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1767684", "tags": ["Patch", "Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tomcat.apache.org/security-6.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tomcat.apache.org/security-7.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tomcat.apache.org/security-8.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tomcat.apache.org/security-9.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2016/dsa-3738", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/94463", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1037331", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2017:0455", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2017:0456", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20180607-0001/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/4557-1/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types."}, {"lang": "es", "value": "La ejecuci\u00f3n remota de c\u00f3digo es posible con Apache Tomcat en versiones anteriores a 6.0.48, 7.x en versiones anteriores a 7.0.73, 8.x en versiones anteriores a 8.0.39, 8.5.x en versiones anteriores a 8.5.7 y 9.x en versiones anteriores a 9.0.0.M12 si JmxRemoteLifecycleListener es utilizado y un atacante puede llegar a los puertos JMX. El problema existe porque este oyente no se actualiz\u00f3 por coherencia con el parche de Oracle CVE-2016-3427 que afect\u00f3 a los tipos de credenciales."}], "lastModified": "2025-04-20T01:37:25.860", "cisaActionDue": "2023-06-02", "cisaExploitAdd": "2023-05-12", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDAB7E8F-98DA-43F2-B2AE-F0C5F1581B4A", "versionEndExcluding": "6.0.48"}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39AB06BF-6948-44FA-AE78-CDEF64D7B771", "versionEndExcluding": "7.0.73", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBC4F54A-F99A-4B1A-AAE4-0C64950C118D", "versionEndExcluding": "8.0.39", "versionStartIncluding": "8.0"}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE43E8ED-8C32-42AF-A76F-8731C0F8DE7D", "versionEndExcluding": "8.5.7", "versionStartIncluding": "8.5.0"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67BBBD83-E232-4198-9748-C512D9E0EEDD"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D0689FE-4BC0-4F53-8C79-34B21F9B86C2"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89B129B2-FB6F-4EF9-BF12-E589A87996CF"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B6787B6-54A8-475E-BA1C-AB99334B2535"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F542E12-6BA8-4504-A494-DA83E7E19BD5"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0C5F004-F7D8-45DB-B173-351C50B0EC16"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1902D2E-1896-4D3D-9E1C-3A675255072C"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49AAF4DF-F61D-47A8-8788-A21E317A145D"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "454211D0-60A2-4661-AECA-4C0121413FEB"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0686F977-889F-4960-8E0B-7784B73A7F2D"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "558703AE-DB5E-4DFF-B497-C36694DD7B24"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED6273F2-1165-47A4-8DD7-9E9B2472941B"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "vulnerable": true, "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7"}, {"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5"}, {"criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08"}, {"criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E2F2F98-DB90-43F6-8F28-3656207B6188"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61C5D278-11E5-4A2F-9860-6FFA579398CD"}, {"criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B21D189-0E7D-4878-91A0-BE38A4ABA1FD"}, {"criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64"}, {"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED43772F-D280-42F6-A292-7198284D6FE7"}, {"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2"}, {"criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC967A48-D834-4E9B-8CEC-057E7D5B8174"}, {"criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F920CDE4-DF29-4611-93E9-A386C89EDB62"}, {"criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "622B95F1-8FA4-4AA6-9B68-5FE4302BA150"}, {"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C510CE66-DD71-45C8-B678-9BD81EC7FFBB"}, {"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF0A211C-7C3D-46AE-B525-890A9194C422"}, {"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1AD7C68-81DF-4332-AEB3-B368E0221F52"}, {"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148"}, {"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94"}, {"criteria": "cpe:2.3:a:oracle:micros_relate_crm_software:10.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDE82F56-65B9-490B-8096-037ADD9819AB"}, {"criteria": "cpe:2.3:a:oracle:micros_relate_crm_software:11.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE3A1A04-5AAE-40D9-842A-8B46211C5D95"}, {"criteria": "cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78933DD0-F774-4E60-BC66-D5A57919717A"}, {"criteria": "cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8ECA7A7E-8177-4FD4-B9B9-F4B1B6F43F98"}, {"criteria": "cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73C9A2AD-F384-44D5-AB33-86B7250760A5"}, {"criteria": "cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.7.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD8F1BF2-C047-4296-815B-B21A2A673DFF"}, {"criteria": "cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA3F5761-E2A0-4F67-BAE1-503877676BF3"}, {"criteria": "cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1E3C86B-4483-430A-856D-7EAB7D388D2E"}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC2D40A0-F2F0-476C-959E-39CA64B430ED", "versionEndIncluding": "3.2.8.2223"}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C992CCD1-54C9-4BC2-876F-7A5D76571DEA", "versionEndIncluding": "3.3.4.3247", "versionStartIncluding": "3.3.0"}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BEBB610E-4FE2-41C2-B3A3-D67077A60F82", "versionEndIncluding": "3.4.2.4181", "versionStartIncluding": "3.4.0"}, {"criteria": "cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.1.132:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA5B8931-D3B4-46A9-B1A0-9A6BBA365FC8"}, {"criteria": "cpe:2.3:a:oracle:transportation_management:6.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "231DDD84-5AF3-4F0D-81D8-DA0F942E78F1"}, {"criteria": "cpe:2.3:a:oracle:transportation_management:6.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7A714FB-050A-4040-BC57-C22FA4DD58D2"}, {"criteria": "cpe:2.3:a:oracle:transportation_management:6.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A775321B-6DFB-4770-8F6D-D34D655438AF"}, {"criteria": "cpe:2.3:a:oracle:transportation_management:6.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "835BB7D9-633C-4CB3-8E8F-CA6FD62E587A"}, {"criteria": "cpe:2.3:a:oracle:transportation_management:6.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48FE41BA-1E3C-4626-930F-3F8FEE124A78"}, {"criteria": "cpe:2.3:a:oracle:transportation_management:6.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40F284EF-05CF-4CF5-B7CA-F58AE01DA3B6"}, {"criteria": "cpe:2.3:a:oracle:transportation_management:6.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C09892E8-D580-488A-A80E-B358D682A25A"}, {"criteria": "cpe:2.3:a:oracle:transportation_management:6.3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A58642E0-CA59-4DE6-A83C-F551FC621C32"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Apache Tomcat Remote Code Execution Vulnerability"}

Type	Values Removed	Values Added
References	~~() http://rhn.redhat.com/errata/RHSA-2017-0457.html -~~	() http://rhn.redhat.com/errata/RHSA-2017-0457.html - Third Party Advisory
References	~~() http://svn.apache.org/viewvc?view=revision&revision=1767644 - Issue Tracking, Patch, Third Party Advisory~~	() http://svn.apache.org/viewvc?view=revision&revision=1767644 - Patch
References	~~() http://svn.apache.org/viewvc?view=revision&revision=1767656 - Issue Tracking, Patch, Third Party Advisory~~	() http://svn.apache.org/viewvc?view=revision&revision=1767656 - Patch
References	~~() http://svn.apache.org/viewvc?view=revision&revision=1767676 - Issue Tracking, Patch, Third Party Advisory~~	() http://svn.apache.org/viewvc?view=revision&revision=1767676 - Patch
References	~~() http://svn.apache.org/viewvc?view=revision&revision=1767684 - Issue Tracking, Patch, Third Party Advisory~~	() http://svn.apache.org/viewvc?view=revision&revision=1767684 - Patch
References	~~() http://www.debian.org/security/2016/dsa-3738 -~~	() http://www.debian.org/security/2016/dsa-3738 - Mailing List, Third Party Advisory
References	~~() http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html -~~	() http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html - Patch, Third Party Advisory
References	~~() http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html -~~	() http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html - Patch, Third Party Advisory
References	~~() http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html -~~	() http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - Patch, Third Party Advisory
References	~~() http://www.securityfocus.com/bid/94463 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/94463 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.securitytracker.com/id/1037331 -~~	() http://www.securitytracker.com/id/1037331 - Broken Link, Third Party Advisory, VDB Entry
References	~~() https://access.redhat.com/errata/RHSA-2017:0455 -~~	() https://access.redhat.com/errata/RHSA-2017:0455 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2017:0456 -~~	() https://access.redhat.com/errata/RHSA-2017:0456 - Third Party Advisory
References	~~() https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://security.netapp.com/advisory/ntap-20180607-0001/ -~~	() https://security.netapp.com/advisory/ntap-20180607-0001/ - Third Party Advisory
References	~~() https://usn.ubuntu.com/4557-1/ -~~	() https://usn.ubuntu.com/4557-1/ - Third Party Advisory
References	~~() https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html -~~	() https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html - Patch, Third Party Advisory
References	~~() https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html -~~	() https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html - Patch, Third Party Advisory
CWE	~~CWE-284~~	NVD-CWE-noinfo
First Time		Oracle agile Engineering Data Management Oracle communications Instant Messaging Server Oracle micros Retail Xbri Loss Prevention Netapp Canonical Debian debian Linux Oracle hospitality Guest Access Oracle communications Application Session Controller Redhat jboss Enterprise Web Server Netapp snap Creator Framework Netapp 7-mode Transition Tool Debian Oracle agile Plm Oracle communications Interactive Session Recorder Redhat Canonical ubuntu Linux Netapp oncommand Shift Netapp oncommand Insight Oracle Oracle transportation Management Oracle mysql Enterprise Monitor Oracle retail Convenience And Fuel Pos Software Oracle micros Relate Crm Software
CPE	cpe:2.3:a:apache:tomcat:8.5.3:::::::* cpe:2.3:a:apache:tomcat:7.0.31:::::::* cpe:2.3:a:apache:tomcat:6.0.32:::::::* cpe:2.3:a:apache:tomcat:6.0.10:::::::* cpe:2.3:a:apache:tomcat:8.0.32:::::::* cpe:2.3:a:apache:tomcat:7.0.28:::::::* cpe:2.3:a:apache:tomcat:7.0.45:::::::* cpe:2.3:a:apache:tomcat:7.0.7:::::::* cpe:2.3:a:apache:tomcat:7.0.56:::::::* cpe:2.3:a:apache:tomcat:7.0.8:::::::* cpe:2.3:a:apache:tomcat:7.0.63:::::::* cpe:2.3:a:apache:tomcat:6.0.44:::::::* cpe:2.3:a:apache:tomcat:8.0.31:::::::* cpe:2.3:a:apache:tomcat:7.0.12:::::::* cpe:2.3:a:apache:tomcat:6.0.35:::::::* cpe:2.3:a:apache:tomcat:7.0.26:::::::* cpe:2.3:a:apache:tomcat:6.0.15:::::::* cpe:2.3:a:apache:tomcat:8.0.22:::::::* cpe:2.3:a:apache:tomcat:7.0.30:::::::* cpe:2.3:a:apache:tomcat:7.0.66:::::::* cpe:2.3:a:apache:tomcat:7.0.64:::::::* cpe:2.3:a:apache:tomcat:7.0.43:::::::* cpe:2.3:a:apache:tomcat:6.0.26:::::::* cpe:2.3:a:apache:tomcat:7.0.55:::::::* cpe:2.3:a:apache:tomcat:6.0.2:::::::* cpe:2.3:a:apache:tomcat:7.0.18:::::::* cpe:2.3:a:apache:tomcat:7.0.3:::::::* cpe:2.3:a:apache:tomcat:8.0.33:::::::* cpe:2.3:a:apache:tomcat:6.0.21:::::::* cpe:2.3:a:apache:tomcat:8.0.29:::::::* cpe:2.3:a:apache:tomcat:7.0.50:::::::* cpe:2.3:a:apache:tomcat:7.0.15:::::::* cpe:2.3:a:apache:tomcat:8.0.5:::::::* cpe:2.3:a:apache:tomcat:7.0.68:::::::* cpe:2.3:a:apache:tomcat:7.0.58:::::::* cpe:2.3:a:apache:tomcat:7.0.52:::::::* cpe:2.3:a:apache:tomcat:7.0.60:::::::* cpe:2.3:a:apache:tomcat:7.0.70:::::::* cpe:2.3:a:apache:tomcat:8.0.26:::::::* cpe:2.3:a:apache:tomcat:8.0.0:::::::* cpe:2.3:a:apache:tomcat:7.0.49:::::::* cpe:2.3:a:apache:tomcat:6.0.4:::::::* cpe:2.3:a:apache:tomcat:7.0.41:::::::* cpe:2.3:a:apache:tomcat:7.0.46:::::::* cpe:2.3:a:apache:tomcat:8.0.30:::::::* cpe:2.3:a:apache:tomcat:6.0.24:::::::* cpe:2.3:a:apache:tomcat:6.0.38:::::::* cpe:2.3:a:apache:tomcat:7.0.54:::::::* cpe:2.3:a:apache:tomcat:6.0.43:::::::* cpe:2.3:a:apache:tomcat:7.0.10:::::::* cpe:2.3:a:apache:tomcat:7.0.34:::::::* cpe:2.3:a:apache:tomcat:8.0.14:::::::* cpe:2.3:a:apache:tomcat:8.0.18:::::::* cpe:2.3:a:apache:tomcat:7.0.67:::::::* cpe:2.3:a:apache:tomcat:7.0.0:::::::* cpe:2.3:a:apache:tomcat:7.0.22:::::::* cpe:2.3:a:apache:tomcat:7.0.59:::::::* cpe:2.3:a:apache:tomcat:6.0.31:::::::* cpe:2.3:a:apache:tomcat:8.5.1:::::::* cpe:2.3:a:apache:tomcat:8.0.19:::::::* cpe:2.3:a:apache:tomcat:7.0.47:::::::* cpe:2.3:a:apache:tomcat:6.0.17:::::::* cpe:2.3:a:apache:tomcat:6.0.6:::::::* cpe:2.3:a:apache:tomcat:8.5.0:::::::* cpe:2.3:a:apache:tomcat:7.0.62:::::::* cpe:2.3:a:apache:tomcat:8.0.17:::::::* cpe:2.3:a:apache:tomcat:8.0.24:::::::* cpe:2.3:a:apache:tomcat:8.0.20:::::::* cpe:2.3:a:apache:tomcat:6.0.25:::::::* cpe:2.3:a:apache:tomcat:8.0.4:::::::* cpe:2.3:a:apache:tomcat:7.0.17:::::::* cpe:2.3:a:apache:tomcat:8.5.6:::::::* cpe:2.3:a:apache:tomcat:8.0.34:::::::* cpe:2.3:a:apache:tomcat:6.0.9:::::::* cpe:2.3:a:apache:tomcat:7.0.61:::::::* cpe:2.3:a:apache:tomcat:6.0.39:::::::* cpe:2.3:a:apache:tomcat:6.0.34:::::::* cpe:2.3:a:apache:tomcat:7.0.40:::::::* cpe:2.3:a:apache:tomcat:6.0.16:::::::* cpe:2.3:a:apache:tomcat:7.0.37:::::::* cpe:2.3:a:apache:tomcat:7.0.27:::::::* cpe:2.3:a:apache:tomcat:6.0.1:::::::* cpe:2.3:a:apache:tomcat:6.0.11:::::::* cpe:2.3:a:apache:tomcat:8.0.15:::::::* cpe:2.3:a:apache:tomcat:6.0.27:::::::* cpe:2.3:a:apache:tomcat:6.0.47:::::::* cpe:2.3:a:apache:tomcat:6.0.7:::::::* cpe:2.3:a:apache:tomcat:7.0.29:::::::* cpe:2.3:a:apache:tomcat:8.0.37:::::::* cpe:2.3:a:apache:tomcat:7.0.72:::::::* cpe:2.3:a:apache:tomcat:8.0.25:::::::* cpe:2.3:a:apache:tomcat:8.5.4:::::::* cpe:2.3:a:apache:tomcat:7.0.2:::::::* cpe:2.3:a:apache:tomcat:7.0.69:::::::* cpe:2.3:a:apache:tomcat:8.0.11:::::::* cpe:2.3:a:apache:tomcat:7.0.51:::::::* cpe:2.3:a:apache:tomcat:7.0.16:::::::* cpe:2.3:a:apache:tomcat:6.0.13:::::::* cpe:2.3:a:apache:tomcat:7.0.32:::::::* cpe:2.3:a:apache:tomcat:7.0.33:::::::* cpe:2.3:a:apache:tomcat:6.0.46:::::::* cpe:2.3:a:apache:tomcat:7.0.57:::::::* cpe:2.3:a:apache:tomcat:8.0.6:::::::* cpe:2.3:a:apache:tomcat:8.0.28:::::::* cpe:2.3:a:apache:tomcat:8.0.8:::::::* cpe:2.3:a:apache:tomcat:6.0.30:::::::* cpe:2.3:a:apache:tomcat:7.0.4:::::::* cpe:2.3:a:apache:tomcat:8.0.36:::::::* cpe:2.3:a:apache:tomcat:6.0.20:::::::* cpe:2.3:a:apache:tomcat:8.0.23:::::::* cpe:2.3:a:apache:tomcat:6.0.19:::::::* cpe:2.3:a:apache:tomcat:6.0.3:::::::* cpe:2.3:a:apache:tomcat:7.0.14:::::::* cpe:2.3:a:apache:tomcat:7.0.24:::::::* cpe:2.3:a:apache:tomcat:8.0.27:::::::* cpe:2.3:a:apache:tomcat:8.0.35:::::::* cpe:2.3:a:apache:tomcat:7.0.13:::::::* cpe:2.3:a:apache:tomcat:7.0.11:::::::* cpe:2.3:a:apache:tomcat:6.0.41:::::::* cpe:2.3:a:apache:tomcat:7.0.48:::::::* cpe:2.3:a:apache:tomcat:7.0.25:::::::* cpe:2.3:a:apache:tomcat:7.0.21:::::::* cpe:2.3:a:apache:tomcat:6.0.42:::::::* cpe:2.3:a:apache:tomcat:7.0.5:::::::* cpe:2.3:a:apache:tomcat:7.0.6:::::::* cpe:2.3:a:apache:tomcat:7.0.39:::::::* cpe:2.3:a:apache:tomcat:6.0.22:::::::* cpe:2.3:a:apache:tomcat:6.0.40:::::::* cpe:2.3:a:apache:tomcat:7.0.44:::::::* cpe:2.3:a:apache:tomcat:7.0.9:::::::* cpe:2.3:a:apache:tomcat:7.0.53:::::::* cpe:2.3:a:apache:tomcat:8.5.5:::::::* cpe:2.3:a:apache:tomcat:6.0.36:::::::* cpe:2.3:a:apache:tomcat:8.0.13:::::::* cpe:2.3:a:apache:tomcat:6.0.12:::::::* cpe:2.3:a:apache:tomcat:8.0.1:::::::* cpe:2.3:a:apache:tomcat:7.0.35:::::::* cpe:2.3:a:apache:tomcat:6.0.28:::::::* cpe:2.3:a:apache:tomcat:8.0.3:::::::* cpe:2.3:a:apache:tomcat:8.0.38:::::::* cpe:2.3:a:apache:tomcat:7.0.65:::::::* cpe:2.3:a:apache:tomcat:6.0.33:::::::* cpe:2.3:a:apache:tomcat:7.0.23:::::::* cpe:2.3:a:apache:tomcat:8.0.16:::::::* cpe:2.3:a:apache:tomcat:6.0.0:::::::* cpe:2.3:a:apache:tomcat:7.0.20:::::::* cpe:2.3:a:apache:tomcat:6.0.14:::::::* cpe:2.3:a:apache:tomcat:6.0.23:::::::* cpe:2.3:a:apache:tomcat:6.0.8:::::::* cpe:2.3:a:apache:tomcat:6.0.45:::::::* cpe:2.3:a:apache:tomcat:7.0.38:::::::* cpe:2.3:a:apache:tomcat:8.0.7:::::::* cpe:2.3:a:apache:tomcat:6.0.37:::::::* cpe:2.3:a:apache:tomcat:7.0.19:::::::* cpe:2.3:a:apache:tomcat:8.0.21:::::::* cpe:2.3:a:apache:tomcat:8.0.2:::::::* cpe:2.3:a:apache:tomcat:8.5.2:::::::* cpe:2.3:a:apache:tomcat:8.0.9:::::::* cpe:2.3:a:apache:tomcat:6.0.29:::::::* cpe:2.3:a:apache:tomcat:7.0.42:::::::* cpe:2.3:a:apache:tomcat:6.0.18:::::::* cpe:2.3:a:apache:tomcat:7.0.1:::::::* cpe:2.3:a:apache:tomcat:7.0.36:::::::* cpe:2.3:a:apache:tomcat:8.0.12:::::::* cpe:2.3:a:apache:tomcat:8.0.10:::::::* cpe:2.3:a:apache:tomcat:7.0.71:::::::* cpe:2.3:a:apache:tomcat:6.0.5:::::::*	cpe:2.3:a:oracle:micros_relate_crm_software:11.4:::::::* cpe:2.3:a:netapp:7-mode_transition_tool:-:::::::* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:::::::* cpe:2.3:a:oracle:transportation_management:6.3.6:::::::* cpe:2.3:o:debian:debian_linux:8.0:::::::* cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:::::::* cpe:2.3:a:apache:tomcat:::::::: cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:::::::* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:::::::* cpe:2.3:a:oracle:mysql_enterprise_monitor:::::::: cpe:2.3:a:oracle:transportation_management:6.3.2:::::::* cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.7.7:::::::* cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.0:::::::* cpe:2.3:a:oracle:transportation_management:6.3.0:::::::* cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm::: cpe:2.3:a:oracle:transportation_management:6.3.5:::::::* cpe:2.3:a:netapp:oncommand_shift:-:::::::* cpe:2.3:a:oracle:agile_engineering_data_management:6.1.3:::::::* cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:::::::* cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.5.0:::::::* cpe:2.3:a:oracle:agile_engineering_data_management:6.2.0:::::::* cpe:2.3:a:apache:tomcat:9.0.0:-:::::: cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:::::::* cpe:2.3:a:oracle:transportation_management:6.3.3:::::::* cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:::::::* cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.0.1:::::::* cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:::::::* cpe:2.3:a:oracle:transportation_management:6.3.1:::::::* cpe:2.3:a:netapp:oncommand_insight:-:::::::* cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.1:::::::* cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.1.132:::::::* cpe:2.3:a:oracle:transportation_management:6.3.4:::::::* cpe:2.3:a:oracle:transportation_management:6.3.7:::::::* cpe:2.3:a:oracle:agile_plm:9.3.5:::::::* cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1:::::::* cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:::::::* cpe:2.3:a:oracle:agile_plm:9.3.6:::::::* cpe:2.3:a:netapp:snap_creator_framework:-:::::::* cpe:2.3:a:oracle:micros_relate_crm_software:10.8:::::::* cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.6.0:::::::*

9.8 /10