Lucene search

K

PRIOn knowledge basePRION:CVE-2014-7810

HistoryJun 07, 2015 - 11:59 p.m.

Design/Logic Flaw

2015-06-0723:59:00

PRIOn knowledge base

www.prio-n.com

7

6.8 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.3%

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

CPENameOperatorVersion
tomcateq7.0.2 beta
tomcateq6.0.33
tomcateq6.0.0 alpha
tomcateq7.0.49
tomcateq6.0.39
tomcateq7.0.12
tomcateq6.0.6
tomcateq7.0.53
tomcateq6.0.4 alpha
tomcateq7.0.20

Rows per page:

1-10 of 2391

References

rhn.redhat.com/errata/RHSA-2015-1621.html

rhn.redhat.com/errata/RHSA-2015-1622.html

rhn.redhat.com/errata/RHSA-2016-0492.html

rhn.redhat.com/errata/RHSA-2016-2046.html

svn.apache.org/viewvc?view=revision&revision=1644018

svn.apache.org/viewvc?view=revision&revision=1645642

tomcat.apache.org/security-6.html

tomcat.apache.org/security-7.html

tomcat.apache.org/security-8.html

www.debian.org/security/2015/dsa-3428

www.debian.org/security/2016/dsa-3447

www.debian.org/security/2016/dsa-3530

www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

www.securityfocus.com/bid/74665

www.securitytracker.com/id/1032330

www.ubuntu.com/usn/USN-2654-1

www.ubuntu.com/usn/USN-2655-1

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964

lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

marc.info/?l=bugtraq&m=145974991225029&w=2

6.8 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.3%

Related for PRION:CVE-2014-7810

ibm55 openvas23 ubuntucve1 nessus26 tomcat3 redhat4 centos2 osv3 f52 github1 cvelist1 debiancve1 cve1 nvd1 oraclelinux4 veracode1 debian5 securityvulns2 amazon3 freebsd1 ubuntu2 symantec1 oracle1