exploitDog

CVE-2014-7810

Published: 07 Jun 2015
Source: debian
EPSS: Low

Description

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

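Packages

| Package | Status | Fixed version | Release | Type |
|---------|--------|---------------|---------|---------|
| tomcat6 | fixed | 6.0.41-3 | | package |
| tomcat7 | fixed | 7.0.61-1 | | package |
| tomcat8 | fixed | 8.0.21-2 | | package |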

Notes

  • Marked as fixed in 6.0.41-3 which only builds the libservlet2.5-java and libservlet2.5-java-doc packages

  • http://svn.apache.org/viewvc?view=revision&revision=1645366 (6.x)

  • http://svn.apache.org/viewvc?view=revision&revision=1659538 (6.x)

  • http://svn.apache.org/viewvc?view=revision&revision=1644019 (7.x)

  • http://svn.apache.org/viewvc?view=revision&revision=1645644 (7.x)

EPSS

Percentile: 92%
0.09321
Low

Related vulnerabilities

ubuntu
about 10 years ago

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

redhat
about 10 years ago

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

nvd
about 10 years ago

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

suse-cvrf
about 10 years ago

Security update for tomcat

github
about 3 years ago

Improper Access Control in Apache Tomcat
