Lucene search

K
ubuntucveUbuntu.comUB:CVE-2014-7810
HistoryJun 07, 2015 - 12:00 a.m.

CVE-2014-7810

2015-06-0700:00:00
ubuntu.com
ubuntu.com
16

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

68.5%

The Expression Language (EL) implementation in Apache Tomcat 6.x before
6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider
the possibility of an accessible interface implemented by an inaccessible
class, which allows attackers to bypass a SecurityManager protection
mechanism via a web application that leverages use of incorrect privileges
during EL evaluation.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchtomcat6< 6.0.35-1ubuntu3.6UNKNOWN
ubuntu14.04noarchtomcat6< 6.0.39-1ubuntu0.1UNKNOWN
ubuntu16.04noarchtomcat6< 6.0.45+dfsg-1UNKNOWN
ubuntu14.04noarchtomcat7< 7.0.52-1ubuntu0.3UNKNOWN
ubuntu14.10noarchtomcat7< 7.0.55-1ubuntu0.2UNKNOWN
ubuntu15.04noarchtomcat7< 7.0.56-2ubuntu0.1UNKNOWN
ubuntu15.04noarchtomcat8< 8.0.14-1+deb8u1build0.15.04.1UNKNOWN

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

68.5%

Related for UB:CVE-2014-7810