Published: 07/06/2015 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

The Expression Language (EL) implementation in Apache Tomcat 6.x prior to 6.0.44, 7.x prior to 7.0.58, and 8.x prior to 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows malicious users to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

debian debian linux 7.0

apache tomcat 7.0.2

apache tomcat 6.0.33

apache tomcat 6.0.0

apache tomcat 7.0.49

apache tomcat 6.0.39

apache tomcat 7.0.12

apache tomcat 6.0.6

apache tomcat 7.0.53

apache tomcat 6.0.4

apache tomcat 7.0.20

apache tomcat 6.0.11

apache tomcat 7.0.34

apache tomcat 7.0.8

apache tomcat 7.0.55

apache tomcat 7.0.1

apache tomcat 7.0.5

apache tomcat 7.0.4

apache tomcat 6.0.7

apache tomcat 7.0.22

apache tomcat 7.0.39

apache tomcat 7.0.26

apache tomcat 7.0.46

apache tomcat 8.0.5

apache tomcat 6.0.15

apache tomcat 7.0.28

apache tomcat 8.0.1

apache tomcat 7.0.0

apache tomcat 7.0.50

apache tomcat 7.0.6

apache tomcat 8.0.0

apache tomcat 7.0.18

apache tomcat 6.0.20

apache tomcat 8.0.12

apache tomcat 7.0.14

apache tomcat 6.0.9

apache tomcat 6.0.10

apache tomcat 8.0.15

apache tomcat 6.0.31

apache tomcat 6.0.29

apache tomcat 7.0.48

apache tomcat 7.0.11

apache tomcat 6.0.3

apache tomcat 7.0.23

apache tomcat 6.0.1

apache tomcat 6.0.24

apache tomcat 7.0.44

apache tomcat 6.0.37

apache tomcat 6.0.17

apache tomcat 7.0.7

apache tomcat 7.0.52

apache tomcat 7.0.42

apache tomcat 6.0.32

apache tomcat 6.0.28

apache tomcat 7.0.37

apache tomcat 7.0.29

apache tomcat 7.0.45

apache tomcat 8.0.11

apache tomcat 7.0.13

apache tomcat 7.0.47

apache tomcat 6.0.14

apache tomcat 7.0.41

apache tomcat 7.0.31

apache tomcat 7.0.30

apache tomcat 7.0.15

apache tomcat 7.0.19

apache tomcat 7.0.16

apache tomcat 6.0.41

apache tomcat 7.0.10

apache tomcat 7.0.36

apache tomcat 7.0.25

apache tomcat 6.0.12

apache tomcat 7.0.54

apache tomcat 7.0.35

apache tomcat 8.0.3

apache tomcat 6.0.18

apache tomcat 7.0.57

apache tomcat 7.0.43

apache tomcat 6.0.2

apache tomcat 8.0.14

apache tomcat 8.0.9

apache tomcat 7.0.32

apache tomcat 7.0.38

apache tomcat 6.0.43

apache tomcat 6.0.5

apache tomcat 7.0.21

apache tomcat 7.0.27

apache tomcat 7.0.24

apache tomcat 7.0.17

apache tomcat 7.0.40

apache tomcat 6.0.30

apache tomcat 7.0.9

apache tomcat 6.0.13

apache tomcat 8.0.8

apache tomcat 7.0.3

apache tomcat 7.0.56

apache tomcat 6.0.8

apache tomcat 6.0.26

apache tomcat 6.0.19

apache tomcat 6.0.27

apache tomcat 6.0.35

apache tomcat 6.0.16

apache tomcat 6.0.36

apache tomcat 7.0.33

Vendor Advisories

Synopsis Important: tomcat security update Type/Severity Security Advisory: Important Topic An update for tomcat is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, w ...
Debian Bug report logs - #787010 tomcat6: CVE-2014-7810: Security Manager bypass by expression language Package: src:tomcat6; Maintainer for src:tomcat6 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Santiago Ruano Rincón <santiagorr@riseupnet> Date: Wed, 27 May 2015 18:06:01 ...
Several security issues were fixed in Tomcat ...
Several security issues were fixed in Tomcat ...
It was discovered that malicious web applications could use the Expression Language to bypass protections of a Security Manager as expressions were evaluated within a privileged code section For the oldstable distribution (wheezy), this problem has been fixed in version 7028-4+deb7u3 This update also provides fixes for CVE-2013-4444, CVE-2014-0 ...
A directory traversal vulnerability in RequestUtiljava was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a / (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call (CVE-2015-5174) A session fixati ...
It was found that the expression language resolver evaluated expressions within a privileged code section A malicious web application could use this flaw to bypass security manager protections (CVE-2014-7810) It was found that Tomcat would keep connections open after processing requests with a large enough request body A remote attacker could po ...
A directory traversal vulnerability in RequestUtiljava was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a / (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call (CVE-2015-5174) The Mapper compo ...