Name | CVE-2014-7810 |
Description | The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DLA-232-1, DSA-3428-1, DSA-3447-1, DSA-3530-1 |
Debian Bugs | 787010 |
The table below lists information on source packages.

Source Package | Release | Version | Status
---|---|---|---
tomcat6 (PTS) | jessie, jessie (lts) | 6.0.45+dfsg-1~deb8u1 | fixed
tomcat7 (PTS) | jessie, jessie (lts) | 7.0.56-3+really7.0.109-1+deb8u6 | fixed
tomcat7 (PTS) | stretch | 7.0.75-1 | fixed
tomcat8 (PTS) | jessie, jessie (lts) | 8.0.14-1+deb8u28 | fixed
tomcat8 (PTS) | stretch (security) | 8.5.54-0+deb9u8 | fixed
tomcat8 (PTS) | stretch (lts), stretch | 8.5.54-0+deb9u15 | fixed
The information below is based on the following data on fixed versions.

Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs
---|---|---|---|---|---|---
tomcat6 | source | squeeze | 6.0.41-2+squeeze7 | | DLA-232-1 |
tomcat6 | source | wheezy | 6.0.45+dfsg-1~deb7u1 | | DSA-3530-1 |
tomcat6 | source | (unstable) | 6.0.41-3 | | | 787010
tomcat7 | source | wheezy | 7.0.28-4+deb7u3 | | DSA-3447-1 |
tomcat7 | source | jessie | 7.0.56-3+deb8u1 | | DSA-3447-1 |
tomcat7 | source | (unstable) | 7.0.61-1 | | |
tomcat8 | source | jessie | 8.0.14-1+deb8u1 | | DSA-3428-1 |
tomcat8 | source | (unstable) | 8.0.21-2 | | |
Marked as fixed in 6.0.41-3, which only builds the libservlet2.5-java and libservlet2.5-java-doc packages (the tomcat6 server itself is not built from that version).
http://svn.apache.org/viewvc?view=revision&revision=1645366 (6.x)
http://svn.apache.org/viewvc?view=revision&revision=1659538 (6.x)
http://svn.apache.org/viewvc?view=revision&revision=1644019 (7.x)
http://svn.apache.org/viewvc?view=revision&revision=1645644 (7.x)