CVE-2014-7810

Published: 2015-06-07 Updated: 2019-04-15
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows a malicious web application to bypass a SecurityManager protection mechanism by leveraging the incorrect privileges used during EL evaluation. As the vendor advisories below describe, EL expressions were evaluated within a privileged code section, so a web application deployed on a Tomcat instance that relies on a SecurityManager for isolation could use EL to escape the restrictions the manager was meant to enforce. The flaw is fixed in 6.0.44, 7.0.58 and 8.0.16; the Apache SVN revisions 1644018 and 1645642 in the references carry the fix.
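The distinction the summary draws, a public method reached through a non-public declaring class versus through a public interface, is an ordinary Java reflection rule, and it is why an EL resolver has to resolve methods through an accessible type instead of forcing access under elevated privileges. The following is an illustration added for this page; it is not Tomcat's EL code and not the CVE-2014-7810 fix itself. The helper names naiveLookup and accessibleLookup are hypothetical, and the sample bean is a java.util.Collections.unmodifiableList view, chosen because its runtime class is a package-private JDK class that implements the public List interface.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

// Added example for this page; not Apache Tomcat code.
public class ElAccessDemo {

    // Naive resolution: take the Method straight from the bean's runtime class.
    // If that class is not public, Method.invoke() from another package fails
    // even when the method itself is public.
    static Method naiveLookup(Object bean, String name, Class<?>... params)
            throws NoSuchMethodException {
        return bean.getClass().getMethod(name, params);
    }

    // Resolution through an accessible type: if the declaring class is not
    // public, look for the same method on a public superclass or a public
    // interface anywhere in the hierarchy. Returns null when no accessible
    // declaration exists; the caller should then refuse the call rather than
    // fall back to setAccessible(true) under elevated privileges.
    static Method accessibleLookup(Object bean, String name, Class<?>... params)
            throws NoSuchMethodException {
        Method direct = bean.getClass().getMethod(name, params);
        if (isPubliclyDeclared(direct)) {
            return direct;
        }
        for (Class<?> c = bean.getClass(); c != null; c = c.getSuperclass()) {
            Method m = publicMethodOn(c, name, params);
            if (m != null) {
                return m;
            }
            for (Class<?> iface : c.getInterfaces()) {
                m = publicMethodOnInterface(iface, name, params);
                if (m != null) {
                    return m;
                }
            }
        }
        return null;
    }

    private static boolean isPubliclyDeclared(Method m) {
        return Modifier.isPublic(m.getDeclaringClass().getModifiers());
    }

    // getMethod() on a public type, accepting the result only if the declaring
    // class is public too (a public class may inherit from a non-public one).
    private static Method publicMethodOn(Class<?> type, String name, Class<?>... params) {
        if (!Modifier.isPublic(type.getModifiers())) {
            return null;
        }
        try {
            Method m = type.getMethod(name, params);
            return isPubliclyDeclared(m) ? m : null;
        } catch (NoSuchMethodException e) {
            return null;
        }
    }

    // Interfaces can extend other interfaces, so recurse through superinterfaces.
    private static Method publicMethodOnInterface(Class<?> iface, String name, Class<?>... params) {
        Method m = publicMethodOn(iface, name, params);
        if (m != null) {
            return m;
        }
        for (Class<?> sup : iface.getInterfaces()) {
            m = publicMethodOnInterface(sup, name, params);
            if (m != null) {
                return m;
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample bean: a public List view whose runtime class
        // (java.util.Collections$UnmodifiableRandomAccessList) is package-private.
        List<String> bean = Collections.unmodifiableList(Arrays.asList("a", "b", "c"));
        Class<?> rt = bean.getClass();
        System.out.println("runtime class " + rt.getName()
                + ", public=" + Modifier.isPublic(rt.getModifiers()));

        Method naive = naiveLookup(bean, "size");
        try {
            naive.invoke(bean);
            System.out.println("naive invoke unexpectedly succeeded");
        } catch (IllegalAccessException e) {
            System.out.println("naive invoke refused: " + e.getMessage());
        }

        Method safe = accessibleLookup(bean, "size");
        if (safe == null) {
            System.out.println("no accessible declaration of size(); refusing");
            return;
        }
        System.out.println("resolved through " + safe.getDeclaringClass().getName()
                + ", size()=" + safe.invoke(bean));
    }
}
```

Compile and run with `javac ElAccessDemo.java && java ElAccessDemo`. The naive Method is refused with IllegalAccessException even though size() is public, because its declaring class is not; the second lookup finds the same method declared on java.util.List and invokes it without any setAccessible(true). A resolver that instead reacts to that failure by calling setAccessible(true) inside AccessController.doPrivileged hands the expression reflective access that the web application's own protection domain does not have, which is the shape of problem the advisories below describe when they say expressions were evaluated within a privileged code section.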

Affected Products

Vendor   Product        Versions
Apache   Tomcat         6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.17, 6.0.18, 6.0.19, 6.0.20, 6.0.24, 6.0.26, 6.0.27, 6.0.28, 6.0.29, 6.0.30, 6.0.31, 6.0.32, 6.0.33, 6.0.35, 6.0.36, 6.0.37, 6.0.39, 6.0.41, 6.0.43, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.12, 7.0.13, 7.0.14, 7.0.15, 7.0.16, 7.0.17, 7.0.18, 7.0.19, 7.0.20, 7.0.21, 7.0.22, 7.0.23, 7.0.24, 7.0.25, 7.0.26, 7.0.27, 7.0.28, 7.0.29, 7.0.30, 7.0.31, 7.0.32, 7.0.33, 7.0.34, 7.0.35, 7.0.36, 7.0.37, 7.0.38, 7.0.39, 7.0.40, 7.0.41, 7.0.42, 7.0.43, 7.0.44, 7.0.45, 7.0.46, 7.0.47, 7.0.48, 7.0.49, 7.0.50, 7.0.52, 7.0.53, 7.0.54, 7.0.55, 7.0.56, 7.0.57, 8.0.0, 8.0.1, 8.0.3, 8.0.5, 8.0.8, 8.0.9, 8.0.11, 8.0.12, 8.0.14, 8.0.15
Debian   Debian Linux   7.0

Vendor Advisories

Debian Bug report logs - #787010 tomcat6: CVE-2014-7810: Security Manager bypass by expression language. Package: src:tomcat6; Maintainer for src:tomcat6 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Santiago Ruano Rincón <santiagorr@riseup.net>; Date: Wed, 27 May 2015 18:06:01 ...
Synopsis: Important: tomcat security update. Type/Severity: Security Advisory: Important. Topic: An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, w ...
There is a vulnerability in Apache Tomcat used by IBM® Cloud App Management V2018. IBM® Cloud App Management has addressed the applicable CVE in a later version ...
IBM Worklight has addressed the following vulnerability: WAS traditional and liberty vulnerable to CVE-2014-7810 ...
IBM Integration Bus and IBM App Connect Enterprise are affected by a WebSphere Application Server vulnerability which was reported and has been addressed. Vulnerability details are listed below ...
IBM MessageSight has addressed the following vulnerability: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the use of expression language. An attacker could exploit this vulnerability to bypass the protections of a Security Manager ...
There are vulnerabilities in WAS traditional and liberty used by IBM Streams. IBM Streams has addressed the applicable CVEs ...
Several security issues were fixed in Tomcat ...
There is a potential bypass security vulnerability in the expression language library used by WebSphere Application Server (CVE-2014-7810) used with IBM Security AppScan Enterprise ...
There is a potential bypass security vulnerability in the expression language library used by WebSphere Application Server which affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) ...
Several security issues were fixed in Tomcat ...
It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections (CVE-2014-7810). It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could p ...
IBM WebSphere Application Server Liberty is affected by Apache Tomcat and CXF vulnerabilities that affect IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware ...
IBM WebSphere Application Server Liberty is affected by Apache Tomcat, Apache CXF, and elevation of privileges vulnerabilities which affect the IBM Spectrum Protect for Workstations (formerly Tivoli Storage Manager FastBack for Workstations) Central Administration Console (CAC) ...
A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call (CVE-2015-5174). The Mapper comp ...
A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call (CVE-2015-5174). A session fixat ...
It was discovered that malicious web applications could use the Expression Language to bypass protections of a Security Manager as expressions were evaluated within a privileged code section. For the oldstable distribution (wheezy), this problem has been fixed in version 7.0.28-4+deb7u3. This update also provides fixes for CVE-2013-4444, CVE-2014-0 ...
IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to multiple security vulnerabilities. There are multiple vulnerabilities in IBM® WebSphere Liberty Server, Version 18.0.0.4 included in this release of IGI. These issues were disclosed as part of the IBM WebSphere Liberty version 17.0.0.3 and upward ...
The following security issues have been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring (ITM) portal server ...
Security Advisory ID: SYMSA1329; Initial Publication Date: 23 Jul 2015; Advisory Status: Open; Advisory Severity: High; CVSS Base Score: CVSS v2: 7.8; Legacy ID: SA100 ...
Oracle Linux Bulletin - April 2016. Description: The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are release ...
Oracle Solaris Third Party Bulletin - October 2015. Description: The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day wh ...
Oracle Critical Patch Update Advisory - July 2018. Description: A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous C ...
IBM Security Privileged Identity Manager has addressed the following vulnerabilities ...
Oracle Linux Bulletin - October 2016. Description: The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical ...

References

CWE-284
http://marc.info/?l=bugtraq&m=145974991225029&w=2
http://rhn.redhat.com/errata/RHSA-2015-1621.html
http://rhn.redhat.com/errata/RHSA-2015-1622.html
http://rhn.redhat.com/errata/RHSA-2016-0492.html
http://rhn.redhat.com/errata/RHSA-2016-2046.html
http://svn.apache.org/viewvc?view=revision&revision=1644018
http://svn.apache.org/viewvc?view=revision&revision=1645642
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-8.html
http://www.debian.org/security/2015/dsa-3428
http://www.debian.org/security/2016/dsa-3447
http://www.debian.org/security/2016/dsa-3530
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
http://www.securityfocus.com/bid/74665
http://www.securitytracker.com/id/1032330
http://www.ubuntu.com/usn/USN-2654-1
http://www.ubuntu.com/usn/USN-2655-1
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
https://www.rapid7.com/db/vulnerabilities/apache-tomcat-cve-2014-7810
http://tools.cisco.com/security/center/viewAlert.x?alertId=38882
https://nvd.nist.gov
https://usn.ubuntu.com/2655-1/
https://www.rapid7.com/db/vulnerabilities/amazon-linux-ami-alas-2016-656