Question

Apache Vulnerability CVE-2016-8735

1 month ago
February 17, 2025
4 replies
73 views

+14

Mauro
Byte

This one is a bit of an old vulnerability and I see there has been an update to its status this month.

A customer has picked up this vulnerability on the Commserve. They’re running V11.28.102.

I cannot find any information on the security bulletin site. I’ve recommended that they upgrade to V11.28.137 as there is mention of some Apache vulnerability patches mentioned (but not which ones)and then run the vulnerability scanner.

Does anyone have any info or experience in this particular issue that we’ve noted?

+12

Rajiv
Vaulter
1 month ago
February 17, 2025

Hello @Mauro I would suggest you open a support ticket with us to get this investigated.

Best,

Rajiv Singal

Blaine Busler
Vaulter
1 month ago
February 18, 2025

No version of Commvault was ever affected by CVE-2016-8735.

The earliest version of Tomcat 9.x we ever used (back in SP16 or so) was 9.0.12, and the CVE only affected old milestone releases of 9.0.0, per the CVE description.

If the customer still has concerns, they will need to open a ticket and provide details from their security audit.

+19

Onno van den Berg
Commvault Certified Expert
1 month ago
February 18, 2025

Funny to see that their vulnerability scanner found something vulnerable in Commvault version that is already more than a year old. I hope their scanning is part of a bigger project to improve their resilience, but leaving you environment unpatched for so long is waiting for a disaster to strike…..

+14

Mauro
Byte
1 month ago
March 11, 2025

Thanks for the feedback all. I wasn’t available for a few weeks, hence my late response.

I will pass this feedback to the customer and log a ticket if they still have concerns.

I’ll provide feedback.

Reply

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

Cookie settings

We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.

Basic
Functional

Normal
Functional + analytics

Complete
Functional + analytics + social media + embedded videos

Reply

Related topics

Niet tevreden over aanbod Recommerce bij inleveren oude toestelicon

Ik heb de 75 euro bonus voor het inleveren van mijn oude telefoon niet ontvangenicon

Lever je oude mobiele telefoon in: duurzaam en goed voor je portemonnee

Niet tevreden over afhandeling klacht inruilwaarde oude telefoonicon

Toestel ingeleverd via Recommerce en nu ineens een ander aanbodicon

Most helpful members this week

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings