Lucene search

K

GoogleOSV:GHSA-4C43-CWVX-9CRH

HistoryMay 14, 2022 - 1:10 a.m.

Improper Access Control in Apache Tomcat

2022-05-1401:10:17

Google

osv.dev

19

0.003 Low

EPSS

Percentile

69.3%

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

CPENameOperatorVersion
org.apache.tomcat:tomcateq8.0.3
org.apache.tomcat:tomcateq7.0.56
org.apache.tomcat:tomcateq7.0.55
org.apache.tomcat:tomcateq7.0.37
org.apache.tomcat:tomcateq8.0.8
org.apache.tomcat:tomcateq8.0.12
org.apache.tomcat:tomcateq7.0.42
org.apache.tomcat:tomcateq7.0.54
org.apache.tomcat:tomcateq7.0.50
org.apache.tomcat:tomcateq8.0.5

Rows per page:

1-10 of 231

References

marc.info/?l=bugtraq&m=145974991225029&w=2

rhn.redhat.com/errata/RHSA-2015-1621.html

rhn.redhat.com/errata/RHSA-2015-1622.html

rhn.redhat.com/errata/RHSA-2016-0492.html

rhn.redhat.com/errata/RHSA-2016-2046.html

svn.apache.org/viewvc?view=revision&revision=1644018

svn.apache.org/viewvc?view=revision&revision=1645642

tomcat.apache.org/security-6.html

tomcat.apache.org/security-7.html

tomcat.apache.org/security-8.html

www.debian.org/security/2015/dsa-3428

www.debian.org/security/2016/dsa-3447

www.debian.org/security/2016/dsa-3530

www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

www.ubuntu.com/usn/USN-2654-1

www.ubuntu.com/usn/USN-2655-1

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964

lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E

nvd.nist.gov/vuln/detail/CVE-2014-7810

0.003 Low

EPSS

Percentile

69.3%

Related for OSV:GHSA-4C43-CWVX-9CRH

ibm55 openvas23 ubuntucve1 nessus26 tomcat3 redhat4 centos2 osv2 f52 debiancve1 cvelist1 github1 cve1 nvd1 oraclelinux4 prion1 veracode1 debian5 securityvulns2 amazon3 freebsd1 ubuntu2 symantec1 oracle1