CVE

CVE-2014-7810
Date: (C)2015-06-08   (M)2018-09-07


The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1032330
BID-74665
DSA-3428
DSA-3447
DSA-3530
HPSBUX03561
RHSA-2015:1621
RHSA-2015:1622
RHSA-2016:0492
RHSA-2016:2046
USN-2654-1
USN-2655-1
http://svn.apache.org/viewvc?view=revision&revision=1644018
http://svn.apache.org/viewvc?view=revision&revision=1645642
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-8.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964

CPE    114
cpe:/a:apache:tomcat:6.0.6:alpha
cpe:/a:apache:tomcat:6.0.0:alpha
cpe:/a:apache:tomcat:8.0.9
cpe:/a:apache:tomcat:7.0.50
...
CWE    1
CWE-284
OVAL    16
oval:org.secpod.oval:def:1501407
oval:org.secpod.oval:def:602335
oval:org.secpod.oval:def:702622
oval:org.secpod.oval:def:702625
...

© SecPod Technologies