Added CVE-2016-8735 Apache Tomcat JMX RCE template

[aybanda]

Template / PR Information

Add CVE-2016-8735 Apache Tomcat JMX RCE template

This PR adds a new Nuclei template to detect CVE-2016-8735, a remote code execution vulnerability in Apache Tomcat's JMX implementation.

• Vulnerability: Apache Tomcat JMX Remote Code Execution
• Affected versions: before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12
• CVSS Score: 10 (Critical)

The template checks for vulnerable versions and the presence of JMXProxyServlet, indicating potential exposure to this vulnerability.

• Added CVE-2016-8735
• References:
  • http://rhn.redhat.com/errata/RHSA-2017-0457.html
  • http://www.securityfocus.com/bid/94463
  • http://tomcat.apache.org/security-9.html

Template Validation

I've validated this template locally?

• YES
• NO

Additional Details

N/A

/claim #10893

[algora-pbc]

👉 To complete your submission, sign up on Algora, link your Github account and submit the data for your PR.

[GeorginaReeder]

Thanks so much for your contribution @aybanda ! :)

[ritikchaddha]

Hi @aybanda,

Thank you for sharing this template! Currently, we are not accepting version-based templates. However, if you can provide a complete proof of concept (POC) along with exploitation information, please feel free to resubmit your bounty claim. We would be happy to review it.

Thanks!