CVE-2014-7810
Published: 2015-06-07
Priority: P3 (37)
Severity: medium, CVSS 2.0 base score 5.0
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N (network, low complexity, no authentication; partial integrity impact, no confidentiality or availability impact)
EPSS: 13.87% (96.1th percentile)
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.
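As a practical exposure check, here is an added example (not from this page or from the Tomcat project) that turns the version ranges in the description into a test against the output of `catalina.sh version` and the running JVM's command line. The sample output and command line embedded in the block are constructed, not captured from a real host. Two details worth building in: Apache's own statement of the affected range starts at 8.0.0-RC1, so release candidates must sort below their final release, and the bypass only means anything for an instance actually started under a Security Manager (`catalina.sh run -security`, which adds `-Djava.security.manager`); an instance without one has no sandbox to escape, although it should still be patched. The boundaries used are the ones in the CVE text (6.0.44, 7.0.58, 8.0.16); note that the Apache fixed-in links further down this page are headed 7.0.59 and 8.0.17, so treat a "not affected" result for exactly 7.0.58 or 8.0.16 with care.

```python
import re

# Boundaries from the CVE text: 6.x before 6.0.44, 7.x before 7.0.58 and
# 8.x before 8.0.16 are affected. Majors outside this table are not covered
# by the CVE text, so the check reports None rather than guessing.
FIXED_IN = {6: (6, 0, 44), 7: (7, 0, 58), 8: (8, 0, 16)}

# Matches "7.0.57", "8.0.15.0" (the 'Server number:' form) and "8.0.0-RC1".
_VERSION_RE = re.compile(
    r"(?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)"
    r"(?:\.\d+)?"                      # trailing build digit, ignored
    r"(?:-(?P<pre>RC\d+|M\d+))?"       # release candidate / milestone tag
)


def parse_version(text):
    """Return (major, minor, patch, pre) for the first Tomcat version in text.

    pre is the RC/milestone tag or None. Raises ValueError when nothing
    version-like is present, so callers cannot silently treat garbage as safe.
    """
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError("no Tomcat version found in %r" % text)
    return int(m["major"]), int(m["minor"]), int(m["patch"]), m["pre"]


def is_affected(version_text):
    """True if the version is inside an affected range, False if at or past
    the fix, None if the major version is not covered by the CVE text.

    Pre-releases sort below their final release (8.0.0-RC1 < 8.0.0), which is
    what Apache's 'Affects: 8.0.0-RC1 to 8.0.15' requires.
    """
    major, minor, patch, pre = parse_version(version_text)
    fixed = FIXED_IN.get(major)
    if fixed is None:
        return None
    # Fourth element: 0 for a pre-release, 1 for a final, so 8.0.16-RC1 is
    # still below the fixed final 8.0.16.
    return (major, minor, patch, 0 if pre else 1) < fixed + (1,)


def assess(version_output, jvm_cmdline):
    """Combine 'catalina.sh version' output with the JVM command line.

    The CVE is a SecurityManager bypass, so the finding is only a sandbox
    escape when -Djava.security.manager is actually present (that is what
    'catalina.sh run -security' adds); otherwise it is a patch-hygiene item,
    not an exposed trust boundary.
    """
    lines = version_output.splitlines()
    src = next((l for l in lines if l.startswith("Server number:")), None)
    if src is None:
        src = next((l for l in lines if l.startswith("Server version:")), None)
    if src is None:
        raise ValueError("no 'Server number:' or 'Server version:' line")
    major, minor, patch, pre = parse_version(src)
    version = "%d.%d.%d" % (major, minor, patch) + ("-" + pre if pre else "")
    affected = is_affected(version)
    sec_mgr = "-Djava.security.manager" in jvm_cmdline
    return {
        "version": version,
        "affected": affected,
        "security_manager": sec_mgr,
        "sandbox_bypass_possible": bool(affected) and sec_mgr,
    }


# Constructed sample input (not real captured output): what 'catalina.sh
# version' prints on an 8.0.15 install, and a JVM started with '-security'.
SAMPLE_VERSION_OUTPUT = """\
Using CATALINA_BASE:   /opt/tomcat
Server version: Apache Tomcat/8.0.15
Server built:   Nov 2 2014 19:25:20 UTC
Server number:  8.0.15.0
OS Name:        Linux
JVM Version:    1.7.0_75-b13
"""
SAMPLE_CMDLINE = ("java -Djava.security.manager "
                  "-Djava.security.policy==/opt/tomcat/conf/catalina.policy "
                  "-Dcatalina.base=/opt/tomcat "
                  "org.apache.catalina.startup.Bootstrap start")

if __name__ == "__main__":
    print(assess(SAMPLE_VERSION_OUTPUT, SAMPLE_CMDLINE))
```

On a live host, feed `assess()` the output of `$CATALINA_HOME/bin/catalina.sh version` and the contents of `/proc/<pid>/cmdline` (with NULs replaced by spaces) for the Tomcat process; the `Server number:` line is preferred over `Server version:` because it is the machine-readable form.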
Affected
105 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomcat | — | — |
(All 25 listed rows are identical: vendor apache, product tomcat, with no version range or fixed-in value populated. The affected ranges are those stated in the description above.)
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| osv | — | 5.0 | MEDIUM | — |
| vendor_ubuntu | — | 6.4 | MEDIUM | — |
| vendor_apache | — | 5.0 | HIGH | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |
OSV
Improper Access Control in Apache Tomcat
osv · 2022-05-14 · CVE-2014-7810 [MEDIUM]
Description: the NVD text above, unchanged.
GHSA
Improper Access Control in Apache Tomcat
ghsa · 2022-05-14 · CVE-2014-7810 [MEDIUM] · CWE-284
Description: the NVD text above, unchanged.
OSV
tomcat7 vulnerabilities
osv · 2015-06-25 · CVSS 4.3 · CVE-2014-0119 [MEDIUM]
It was discovered that the Tomcat XML parser incorrectly handled XML External Entities (XXE). A remote attacker could possibly use this issue to read arbitrary files. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0119)
It was discovered that Tomcat incorrectly handled data with malformed chunked transfer coding. A remote attacker could possibly use this issue to conduct HTTP request smuggling attacks, or cause Tomcat to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0227)
It was discovered that Tomcat incorrectly handled HTTP responses occurring before the entire request body was finished being read. A remote attacker could possibly use this issue to cause a limited denial of service. This issue on
OSV
CVE-2014-7810: The Expression Language (EL) implementation in Apache Tomcat 6
osv · 2015-06-07 · CVSS 5.0 · CVE-2014-7810 [MEDIUM]
Description: the NVD text above, unchanged.
Ubuntu
Tomcat vulnerabilities
vendor_ubuntu · 2015-06-25 · CVSS 6.4 · CVE-2014-0227 [MEDIUM]
Title: Tomcat vulnerabilities
Summary: Several security issues were fixed in Tomcat.
It was discovered that Tomcat incorrectly handled data with malformed chunked transfer coding. A remote attacker could possibly use this issue to conduct HTTP request smuggling attacks, or cause Tomcat to consume resources, resulting in a denial of service. (CVE-2014-0227)
It was discovered that Tomcat incorrectly handled HTTP responses occurring before the entire request body was finished being read. A remote attacker could possibly use this issue to cause a limited denial of service. (CVE-2014-0230)
It was discovered that the Tomcat Expression Language (EL) implementation incorrectly handled accessible interfaces implemented by inaccessible classes. An attacker could possibly use this issue to bypass
Ubuntu
Tomcat vulnerabilities
vendor_ubuntu · 2015-06-25 · CVSS 4.3 · CVE-2014-0119 [MEDIUM]
Title: Tomcat vulnerabilities
Summary: Several security issues were fixed in Tomcat.
It was discovered that the Tomcat XML parser incorrectly handled XML External Entities (XXE). A remote attacker could possibly use this issue to read arbitrary files. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0119)
It was discovered that Tomcat incorrectly handled data with malformed chunked transfer coding. A remote attacker could possibly use this issue to conduct HTTP request smuggling attacks, or cause Tomcat to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0227)
It was discovered that Tomcat incorrectly handled HTTP responses occurring before the entire request body was finished being read. A remote attacker could possibly use
Red Hat
Tomcat/JbossWeb: security manager bypass via EL expressions
vendor_redhat · 2015-05-14 · CVSS 5.0 · CVE-2014-7810 [MEDIUM]
NVD description: as above, unchanged.
It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections.
Package: jbossweb (Red Hat BPM Suite 6) - Not affected
Package: tomcat5 (Red Hat Enterprise Linux 5) - Under investigation
Package: jbossweb (Red Hat JB
Apache
Apache tomcat: CVE-2014-7810
vendor_apache · CVSS 5.0 · CVE-2014-7810 [HIGH]
Malicious web applications could use expression language to bypass the protections of a Security Manager as expressions were evaluated within a privileged code section. This was fixed in revisions 1644018 and 1645642. This issue was identified by the Tomcat security team on 2 November 2014 and made public on 14 May 2015.
Affects: 8.0.0-RC1 to 8.0.15
Severity: high
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-7810 tomcat: Tomcat/JbossWeb: security manager bypass via EL expressions [epel-6]
bugzilla · 2015-05-18 · CVSS 5.0 · CVE-2014-7810 [MEDIUM]
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field.
For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message.
epel-6 tracking bug for tomcat: see bl
Bugzilla
CVE-2014-7810 Tomcat/JbossWeb: security manager bypass via EL expressions
bugzilla · 2015-05-18 · CVSS 5.0 · CVE-2014-7810 [MEDIUM]
It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections.
Upstream patches:
http://svn.apache.org/viewvc?view=revision&revision=1644019
http://svn.apache.org/viewvc?view=revision&revision=1645644
External References:
http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.59
http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.17
Discussion:
Created tomcat tracking bugs for this issue:
Affects: fedora-all [bug 1222576]
Affects: epel-6 [bug 1222577]
---
Currently builds are in
Bugzilla
CVE-2014-7810 tomcat: Tomcat/JbossWeb: security manager bypass via EL expressions [fedora-all]
bugzilla · 2015-05-18 · CVSS 5.0 · CVE-2014-7810 [MEDIUM]
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora.
For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field.
For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message.
NOTE: this issue affects multiple suppo
References
http://marc.info/?l=bugtraq&m=145974991225029&w=2
http://rhn.redhat.com/errata/RHSA-2015-1621.html
http://rhn.redhat.com/errata/RHSA-2015-1622.html
http://rhn.redhat.com/errata/RHSA-2016-0492.html
http://rhn.redhat.com/errata/RHSA-2016-2046.html
http://svn.apache.org/viewvc?view=revision&revision=1644018
http://svn.apache.org/viewvc?view=revision&revision=1645642
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-8.html
http://www.debian.org/security/2015/dsa-3428
http://www.debian.org/security/2016/dsa-3447
http://www.debian.org/security/2016/dsa-3530
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
http://www.securityfocus.com/bid/74665
http://www.securitytracker.com/id/1032330
http://www.ubuntu.com/usn/USN-2654-1
http://www.ubuntu.com/usn/USN-2655-1
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E