CVE-2014-7810

EPSS 12.05%
Veröffentlicht 07.06.2015 23:59:03
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 32

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Debian ≫ Debian Linux Version7.0

Apache ≫ Tomcat Version6.0.0

Apache ≫ Tomcat Version6.0.0 Updatealpha

Apache ≫ Tomcat Version6.0.1

Apache ≫ Tomcat Version6.0.1 Updatealpha

Apache ≫ Tomcat Version6.0.2

Apache ≫ Tomcat Version6.0.2 Updatealpha

Apache ≫ Tomcat Version6.0.2 Updatebeta

Apache ≫ Tomcat Version6.0.3

Apache ≫ Tomcat Version6.0.4

Apache ≫ Tomcat Version6.0.4 Updatealpha

Apache ≫ Tomcat Version6.0.5

Apache ≫ Tomcat Version6.0.6

Apache ≫ Tomcat Version6.0.6 Updatealpha

Apache ≫ Tomcat Version6.0.7

Apache ≫ Tomcat Version6.0.7 Updatealpha

Apache ≫ Tomcat Version6.0.7 Updatebeta

Apache ≫ Tomcat Version6.0.8

Apache ≫ Tomcat Version6.0.8 Updatealpha

Apache ≫ Tomcat Version6.0.9

Apache ≫ Tomcat Version6.0.9 Updatebeta

Apache ≫ Tomcat Version6.0.10

Apache ≫ Tomcat Version6.0.11

Apache ≫ Tomcat Version6.0.12

Apache ≫ Tomcat Version6.0.13

Apache ≫ Tomcat Version6.0.14

Apache ≫ Tomcat Version6.0.15

Apache ≫ Tomcat Version6.0.16

Apache ≫ Tomcat Version6.0.17

Apache ≫ Tomcat Version6.0.18

Apache ≫ Tomcat Version6.0.19

Apache ≫ Tomcat Version6.0.20

Apache ≫ Tomcat Version6.0.24

Apache ≫ Tomcat Version6.0.26

Apache ≫ Tomcat Version6.0.27

Apache ≫ Tomcat Version6.0.28

Apache ≫ Tomcat Version6.0.29

Apache ≫ Tomcat Version6.0.30

Apache ≫ Tomcat Version6.0.31

Apache ≫ Tomcat Version6.0.32

Apache ≫ Tomcat Version6.0.33

Apache ≫ Tomcat Version6.0.35

Apache ≫ Tomcat Version6.0.36

Apache ≫ Tomcat Version6.0.37

Apache ≫ Tomcat Version6.0.39

Apache ≫ Tomcat Version6.0.41

Apache ≫ Tomcat Version6.0.43

Apache ≫ Tomcat Version7.0.0

Apache ≫ Tomcat Version7.0.0 Updatebeta

Apache ≫ Tomcat Version7.0.1

Apache ≫ Tomcat Version7.0.2

Apache ≫ Tomcat Version7.0.2 Updatebeta

Apache ≫ Tomcat Version7.0.3

Apache ≫ Tomcat Version7.0.4

Apache ≫ Tomcat Version7.0.4 Updatebeta

Apache ≫ Tomcat Version7.0.5

Apache ≫ Tomcat Version7.0.6

Apache ≫ Tomcat Version7.0.7

Apache ≫ Tomcat Version7.0.8

Apache ≫ Tomcat Version7.0.9

Apache ≫ Tomcat Version7.0.10

Apache ≫ Tomcat Version7.0.11

Apache ≫ Tomcat Version7.0.12

Apache ≫ Tomcat Version7.0.13

Apache ≫ Tomcat Version7.0.14

Apache ≫ Tomcat Version7.0.15

Apache ≫ Tomcat Version7.0.16

Apache ≫ Tomcat Version7.0.17

Apache ≫ Tomcat Version7.0.18

Apache ≫ Tomcat Version7.0.19

Apache ≫ Tomcat Version7.0.20

Apache ≫ Tomcat Version7.0.21

Apache ≫ Tomcat Version7.0.22

Apache ≫ Tomcat Version7.0.23

Apache ≫ Tomcat Version7.0.24

Apache ≫ Tomcat Version7.0.25

Apache ≫ Tomcat Version7.0.26

Apache ≫ Tomcat Version7.0.27

Apache ≫ Tomcat Version7.0.28

Apache ≫ Tomcat Version7.0.29

Apache ≫ Tomcat Version7.0.30

Apache ≫ Tomcat Version7.0.31

Apache ≫ Tomcat Version7.0.32

Apache ≫ Tomcat Version7.0.33

Apache ≫ Tomcat Version7.0.34

Apache ≫ Tomcat Version7.0.35

Apache ≫ Tomcat Version7.0.36

Apache ≫ Tomcat Version7.0.37

Apache ≫ Tomcat Version7.0.38

Apache ≫ Tomcat Version7.0.39

Apache ≫ Tomcat Version7.0.40

Apache ≫ Tomcat Version7.0.41

Apache ≫ Tomcat Version7.0.42

Apache ≫ Tomcat Version7.0.43

Apache ≫ Tomcat Version7.0.44

Apache ≫ Tomcat Version7.0.45

Apache ≫ Tomcat Version7.0.46

Apache ≫ Tomcat Version7.0.47

Apache ≫ Tomcat Version7.0.48

Apache ≫ Tomcat Version7.0.49

Apache ≫ Tomcat Version7.0.50

Apache ≫ Tomcat Version7.0.52

Apache ≫ Tomcat Version7.0.53

Apache ≫ Tomcat Version7.0.54

Apache ≫ Tomcat Version7.0.55

Apache ≫ Tomcat Version7.0.56

Apache ≫ Tomcat Version7.0.57

Apache ≫ Tomcat Version8.0.0 Updaterc1

Apache ≫ Tomcat Version8.0.0 Updaterc10

Apache ≫ Tomcat Version8.0.0 Updaterc2

Apache ≫ Tomcat Version8.0.0 Updaterc5

Apache ≫ Tomcat Version8.0.1

Apache ≫ Tomcat Version8.0.3

Apache ≫ Tomcat Version8.0.5

Apache ≫ Tomcat Version8.0.8

Apache ≫ Tomcat Version8.0.9

Apache ≫ Tomcat Version8.0.11

Apache ≫ Tomcat Version8.0.12

Apache ≫ Tomcat Version8.0.14

Apache ≫ Tomcat Version8.0.15

Apache ≫ Tomcat Version6.0.0

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.0 Updatealpha

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.1

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.1 Updatealpha

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.2

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.2 Updatealpha

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.2 Updatebeta

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.3

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.4

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.4 Updatealpha

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.5

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.6

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.6 Updatealpha

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.7

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.7 Updatealpha

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.7 Updatebeta

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.8

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.8 Updatealpha

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.9

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.9 Updatebeta

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.10

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.11

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.12

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.13

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.14

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.15

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.16

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.17

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.18

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.19

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.20

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.24

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.26

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.27

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.28

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.29

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.30

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.31

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.32

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.33

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.35

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.36

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.37

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.39

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.41

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version6.0.43

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.0

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.0 Updatebeta

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.1

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.2

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.2 Updatebeta

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.3

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.4

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.4 Updatebeta

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.5

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.6

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.7

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.8

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.9

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.10

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.11

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.12

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.13

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.14

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.15

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.16

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.17

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.18

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.19

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.20

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.21

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.22

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.23

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.24

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.25

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.26

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.27

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.28

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.29

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.30

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.31

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.32

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.33

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.34

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.35

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.36

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.37

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.38

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.39

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.40

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.41

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.42

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.43

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.44

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.45

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.46

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.47

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.48

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.49

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.50

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.52

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.53

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.54

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.55

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.56

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version7.0.57

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version8.0.0 Updaterc1

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version8.0.0 Updaterc10

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version8.0.0 Updaterc2

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version8.0.0 Updaterc5

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version8.0.1

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version8.0.3

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version8.0.5

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version8.0.8

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version8.0.9

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version8.0.11

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version8.0.12

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version8.0.14

Hp ≫ Hp-ux Version11.31

Apache ≫ Tomcat Version8.0.15

Hp ≫ Hp-ux Version11.31

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	12.05%	0.935

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://tomcat.apache.org/security-6.html

Patch

Vendor Advisory

https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

http://tomcat.apache.org/security-7.html

Patch

Vendor Advisory

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://tomcat.apache.org/security-8.html

Patch

Vendor Advisory

http://www.debian.org/security/2016/dsa-3530

Third Party Advisory

http://www.debian.org/security/2016/dsa-3447

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

http://www.ubuntu.com/usn/USN-2654-1

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://www.ubuntu.com/usn/USN-2655-1

http://marc.info/?l=bugtraq&m=145974991225029&w=2

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1621.html

http://rhn.redhat.com/errata/RHSA-2015-1622.html

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-0492.html

http://rhn.redhat.com/errata/RHSA-2016-2046.html

http://svn.apache.org/viewvc?view=revision&revision=1644018

Patch

http://svn.apache.org/viewvc?view=revision&revision=1645642

Patch

http://www.debian.org/security/2015/dsa-3428

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

http://www.securityfocus.com/bid/74665

http://www.securitytracker.com/id/1032330

https://nvd.nist.gov/vuln/detail/CVE-2014-7810

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-7810

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-7810

EUVD