CVE-2014-7810

Опубликовано: 07 июн. 2015

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.39:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.41:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.43:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

Одно из

cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.39:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.41:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.43:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*

cpe:2.3:o:hp:hp-ux:11.31:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.09321

Низкий

5 Medium

CVSS2

Дефекты

CWE-284

Связанные уязвимости

CVE-2014-7810

ubuntu

около 10 лет назад

CVE-2014-7810

redhat

около 10 лет назад

CVE-2014-7810

debian

около 10 лет назад

The Expression Language (EL) implementation in Apache Tomcat 6.x befor ...

SUSE-SU-2015:1281-1

suse-cvrf

около 10 лет назад

Security update for tomcat

GHSA-4c43-cwvx-9crh

github

около 3 лет назад

Improper Access Control in Apache Tomcat

EPSS

Процентиль: 92%

0.09321

Низкий

5 Medium

CVSS2

Дефекты

CWE-284