CVE-2014-7810
Date: (C) 2015-06-08, (M) 2018-05-13


The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score: 5.0
Exploit Score: 10.0
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

CVSS V3 Severity and Metrics: no values listed for this record.
  
References:
SECTRACK-1032330
BID-74665
DSA-3428
DSA-3447
DSA-3530
HPSBUX03561
RHSA-2015:1621
RHSA-2015:1622
RHSA-2016:0492
RHSA-2016:2046
USN-2654-1
USN-2655-1
http://svn.apache.org/viewvc?view=revision&revision=1644018
http://svn.apache.org/viewvc?view=revision&revision=1645642
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-8.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964

CPE (114 entries; first four listed):
cpe:/a:apache:tomcat:6.0.6:alpha
cpe:/a:apache:tomcat:6.0.9:beta
cpe:/a:apache:tomcat:6.0.7:beta
cpe:/a:apache:tomcat:6.0.7:alpha
...
CWE (1 entry):
CWE-284
OVAL (15 entries; first four listed):
oval:org.secpod.oval:def:702622
oval:org.secpod.oval:def:602335
oval:org.secpod.oval:def:702625
oval:org.secpod.oval:def:602314
...

© SecPod Technologies