ELSA-2016-0492

Опубликовано: 22 мар. 2016

Источник: oracle-oval

Платформа: Oracle Linux 6

Описание

ELSA-2016-0492: tomcat6 security and bug fix update (MODERATE)

[0:6.0.24-94]

Resolves: rhbz#1293289 CVE-2014-7810 tomcat6 security manager bypass via EL expressions

[0:6.0.24-93]

Resolves: rhbz#1301646 Resolving NIO connector memory leak

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

tomcat6

6.0.24-94.el6_7

tomcat6-admin-webapps

6.0.24-94.el6_7

tomcat6-docs-webapp

6.0.24-94.el6_7

tomcat6-el-2.1-api

6.0.24-94.el6_7

tomcat6-javadoc

6.0.24-94.el6_7

tomcat6-jsp-2.1-api

6.0.24-94.el6_7

tomcat6-lib

6.0.24-94.el6_7

tomcat6-servlet-2.5-api

6.0.24-94.el6_7

tomcat6-webapps

6.0.24-94.el6_7

Oracle Linux sparc64

tomcat6

6.0.24-94.el6_7

tomcat6-admin-webapps

6.0.24-94.el6_7

tomcat6-docs-webapp

6.0.24-94.el6_7

tomcat6-el-2.1-api

6.0.24-94.el6_7

tomcat6-javadoc

6.0.24-94.el6_7

tomcat6-jsp-2.1-api

6.0.24-94.el6_7

tomcat6-lib

6.0.24-94.el6_7

tomcat6-servlet-2.5-api

6.0.24-94.el6_7

tomcat6-webapps

6.0.24-94.el6_7

Связанные CVE

CVE-2014-7810

Ссылки на источники

Связанные уязвимости

CVE-2014-7810

ubuntu

около 10 лет назад

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

CVE-2014-7810

redhat

около 10 лет назад

CVE-2014-7810

nvd

около 10 лет назад

CVE-2014-7810

debian

около 10 лет назад

The Expression Language (EL) implementation in Apache Tomcat 6.x befor ...

SUSE-SU-2015:1281-1

suse-cvrf

около 10 лет назад

Security update for tomcat