5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
68.7%
CentOS Errata and Security Advisory CESA-2016:0492
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
It was found that the expression language resolver evaluated expressions
within a privileged code section. A malicious web application could use
this flaw to bypass security manager protections. (CVE-2014-7810)
This update also fixes the following bug:
All Tomcat 6 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. Tomcat must be
restarted for this update to take effect.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2016-March/083928.html
Affected packages:
tomcat6
tomcat6-admin-webapps
tomcat6-docs-webapp
tomcat6-el-2.1-api
tomcat6-javadoc
tomcat6-jsp-2.1-api
tomcat6-lib
tomcat6-servlet-2.5-api
tomcat6-webapps
Upstream details at:
https://access.redhat.com/errata/RHSA-2016:0492
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | i686 | tomcat6 | < 6.0.24-94.el6_7 | tomcat6-6.0.24-94.el6_7.i686.rpm |
CentOS | 6 | i686 | tomcat6-admin-webapps | < 6.0.24-94.el6_7 | tomcat6-admin-webapps-6.0.24-94.el6_7.i686.rpm |
CentOS | 6 | i686 | tomcat6-docs-webapp | < 6.0.24-94.el6_7 | tomcat6-docs-webapp-6.0.24-94.el6_7.i686.rpm |
CentOS | 6 | i686 | tomcat6-el-2.1-api | < 6.0.24-94.el6_7 | tomcat6-el-2.1-api-6.0.24-94.el6_7.i686.rpm |
CentOS | 6 | i686 | tomcat6-javadoc | < 6.0.24-94.el6_7 | tomcat6-javadoc-6.0.24-94.el6_7.i686.rpm |
CentOS | 6 | i686 | tomcat6-jsp-2.1-api | < 6.0.24-94.el6_7 | tomcat6-jsp-2.1-api-6.0.24-94.el6_7.i686.rpm |
CentOS | 6 | i686 | tomcat6-lib | < 6.0.24-94.el6_7 | tomcat6-lib-6.0.24-94.el6_7.i686.rpm |
CentOS | 6 | i686 | tomcat6-servlet-2.5-api | < 6.0.24-94.el6_7 | tomcat6-servlet-2.5-api-6.0.24-94.el6_7.i686.rpm |
CentOS | 6 | i686 | tomcat6-webapps | < 6.0.24-94.el6_7 | tomcat6-webapps-6.0.24-94.el6_7.i686.rpm |
CentOS | 6 | x86_64 | tomcat6 | < 6.0.24-94.el6_7 | tomcat6-6.0.24-94.el6_7.x86_64.rpm |