Description
Security update for tomcat
This update fixes the following security issue:
- CVE-2014-7810: Security manager bypass via EL expression (bnc#931442)
Package list
SUSE Linux Enterprise Server 12
tomcat-7.0.55-8.2
tomcat-admin-webapps-7.0.55-8.2
tomcat-docs-webapp-7.0.55-8.2
tomcat-el-2_2-api-7.0.55-8.2
tomcat-javadoc-7.0.55-8.2
tomcat-jsp-2_2-api-7.0.55-8.2
tomcat-lib-7.0.55-8.2
tomcat-servlet-3_0-api-7.0.55-8.2
tomcat-webapps-7.0.55-8.2
SUSE Linux Enterprise Server for SAP Applications 12
tomcat-7.0.55-8.2
tomcat-admin-webapps-7.0.55-8.2
tomcat-docs-webapp-7.0.55-8.2
tomcat-el-2_2-api-7.0.55-8.2
tomcat-javadoc-7.0.55-8.2
tomcat-jsp-2_2-api-7.0.55-8.2
tomcat-lib-7.0.55-8.2
tomcat-servlet-3_0-api-7.0.55-8.2
tomcat-webapps-7.0.55-8.2
References
- Link for SUSE-SU-2015:1281-1
- E-Mail link for SUSE-SU-2015:1281-1
- SUSE Security Ratings
- SUSE Bug 931442
- SUSE CVE CVE-2014-7810 page
Description
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.
Affected products
SUSE Linux Enterprise Server 12:tomcat-7.0.55-8.2
SUSE Linux Enterprise Server 12:tomcat-admin-webapps-7.0.55-8.2
SUSE Linux Enterprise Server 12:tomcat-docs-webapp-7.0.55-8.2
SUSE Linux Enterprise Server 12:tomcat-el-2_2-api-7.0.55-8.2
References
- CVE-2014-7810
- SUSE Bug 931442