
CVE-2014-7810

Date: (C)2015-06-08   (M)2017-01-02
 
CVSS Score: 5.0
Exploitability Subscore: 10.0
Impact Subscore: 2.9
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

Reference:
SECTRACK-1032330
BID-74665
DSA-3428
DSA-3447
DSA-3530
HPSBUX03561
RHSA-2015:1621
RHSA-2015:1622
RHSA-2016:0492
RHSA-2016:2046
USN-2655-1
http://svn.apache.org/viewvc?view=revision&revision=1644018
http://svn.apache.org/viewvc?view=revision&revision=1645642
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-8.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964

CPE    114
cpe:/a:apache:tomcat:6.0.6:alpha
cpe:/a:apache:tomcat:6.0.9:beta
cpe:/a:apache:tomcat:6.0.7:beta
cpe:/a:apache:tomcat:6.0.7:alpha
...
CWE    1
CWE-284
OVAL    15
oval:org.secpod.oval:def:25788
oval:org.secpod.oval:def:25125
oval:org.secpod.oval:def:602314
oval:org.secpod.oval:def:1501407
...

© 2013 SecPod Technologies