PT-2015-3927 · Apache+4 · Apache Tomcat+4

Publicado

2015-01-16

Atualizado

2022-05-14

CVE-2014-7810

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 6.x through 6.0.43 Apache Tomcat versions 7.x through 7.0.57 Apache Tomcat versions 8.x through 8.0.15

Description The issue allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during Expression Language (EL) evaluation. Malicious web applications could use expression language to bypass the protections of a Security Manager as expressions were evaluated within a privileged code section.

Recommendations For Apache Tomcat versions 6.x through 6.0.43, update to version 6.0.44 or later. For Apache Tomcat versions 7.x through 7.0.57, update to version 7.0.58 or later. For Apache Tomcat versions 8.x through 8.0.15, update to version 8.0.16 or later.

Exploit

Correção

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

CESA-2016_0492

CESA-2016_2046

CVE-2014-7810

DLA-232-1

DSA-3428-1

DSA-3447-1

DSA-3530-1

GHSA-4C43-CWVX-9CRH

RHSA-2015:1622

RHSA-2016:0492

RHSA-2016:2046

RHSA-2016_0492

RHSA-2016_2046

SUSE-SU-2015:1281-1

SUSE-SU-2015:1565-1

SUSE-SU-2015_1281-1

USN-2654-1

USN-2655-1

Produtos afetados

Apache Tomcat

Centos

Red Hat

Suse

Ubuntu

PT-2015-3927 · Apache+4 · Apache Tomcat+4

CVE-2014-7810

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 138