CVE-2014-7810

NONECVSS 0.0

0.0

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

🔗 References (58)

secalert@redhathttp://marc.info/?l=bugtraq&m=145974991225029&w=2
secalert@redhathttp://rhn.redhat.com/errata/RHSA-2015-1621.html
secalert@redhathttp://rhn.redhat.com/errata/RHSA-2015-1622.html
secalert@redhathttp://rhn.redhat.com/errata/RHSA-2016-0492.html
secalert@redhathttp://rhn.redhat.com/errata/RHSA-2016-2046.html
secalert@redhathttp://svn.apache.org/viewvc?view=revision&revision=1644018
secalert@redhathttp://svn.apache.org/viewvc?view=revision&revision=1645642
secalert@redhathttp://tomcat.apache.org/security-6.html
secalert@redhathttp://tomcat.apache.org/security-7.html
secalert@redhathttp://tomcat.apache.org/security-8.html
secalert@redhathttp://www.debian.org/security/2015/dsa-3428
secalert@redhathttp://www.debian.org/security/2016/dsa-3447
secalert@redhathttp://www.debian.org/security/2016/dsa-3530
secalert@redhathttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
secalert@redhathttp://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Is Your Infrastructure Affected by CVE-2014-7810?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2014-7810

📅 Published

🔄 Last Modified

🔗 References (58)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2014-7810?