
Fixed in Apache Tomcat 7.0.59

Description

_Note: The issue below was fixed in Apache Tomcat 7.0.58 but the release vote for the 7.0.58 release candidate did not pass. Therefore, although users must download 7.0.59 to obtain a version that includes a fix for this issue, version 7.0.58 is not included in the list of affected versions._

**Moderate: Security Manager bypass** [CVE-2014-7810](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7810>)

Malicious web applications could use expression language to bypass the protections of a Security Manager, as expressions were evaluated within a privileged code section.

This was fixed in revisions [1644019](<https://svn.apache.org/viewvc?view=rev&rev=1644019>) and [1645644](<https://svn.apache.org/viewvc?view=rev&rev=1645644>).

This issue was identified by the Tomcat security team on 2 November 2014 and made public on 14 May 2015.

Affects: 7.0.0 to 7.0.57


Affected Software


CPE Name Name Version
apache tomcat 7.0.0
apache tomcat 7.0.57
