CVE-2014-7810
Description
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
9.485
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update Tomcat to 9.5.14 | Windows |
| Update Tomcat to 9.5.5 | Windows |
| Update Tomcat to 9.5.7 | Windows |
| Update Tomcat to 9.5.8 | Windows |
| Update Tomcat to 9.6.10 | Windows |
| Update Tomcat to 9.6.3 | Windows |
| Update Tomcat to 9.6.4 | Windows |
| Update Tomcat to 9.6.7 | Windows |
| Update Tomcat to 9.6.8 | Windows |
| Update Tomcat to 2.4.5 | Windows |
| Update Tomcat to 3.0.14 | Windows |
| Multiple vulnerabilities are fixed in IBM WebSphere 8.5.5.15 | Windows |
| Vulnerabilities CVE-2014-7810 are fixed in IBM WebSphere 9.0.0.10 | Windows |
| Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.2.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.3.0 | Windows |
| Vulnerabilities CVE-2014-0230,CVE-2014-7810 are fixed in Apache - tomcat 6.0.44 | Windows |
| Vulnerabilities CVE-2014-7810 are fixed in Apache - tomcat 7.0.58 | Windows |
| Vulnerabilities CVE-2014-7810 are fixed in Apache - tomcat 8.0.16 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.0.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.4 | Windows |
| Servlet and JSP engine (USN-2654-1) libtomcat7-java_7.0.56-2ubuntu0.1_all.deb | Linux |
| SUSE-SU-2015:1337-1(SUSE Linux Enterprise Server 11 SP3 ) tomcat6-6.0.41-0.45.1.noarch.rpm | Linux |
| SUSE-SU-2015:1337-1(SUSE Linux Enterprise Server 11 SP3 ) tomcat6-admin-webapps-6.0.41-0.45.1.noarch.rpm | Linux |
| SUSE-SU-2015:1337-1(SUSE Linux Enterprise Server 11 SP3 ) tomcat6-docs-webapp-6.0.41-0.45.1.noarch.rpm | Linux |
| SUSE-SU-2015:1337-1(SUSE Linux Enterprise Server 11 SP3 ) tomcat6-javadoc-6.0.41-0.45.1.noarch.rpm | Linux |
| SUSE-SU-2015:1337-1(SUSE Linux Enterprise Server 11 SP3 ) tomcat6-jsp-2_1-api-6.0.41-0.45.1.noarch.rpm | Linux |
| SUSE-SU-2015:1337-1(SUSE Linux Enterprise Server 11 SP3 ) tomcat6-lib-6.0.41-0.45.1.noarch.rpm | Linux |
| SUSE-SU-2015:1337-1(SUSE Linux Enterprise Server 11 SP3 ) tomcat6-servlet-2_5-api-6.0.41-0.45.1.noarch.rpm | Linux |
| SUSE-SU-2015:1337-1(SUSE Linux Enterprise Server 11 SP3 ) tomcat6-webapps-6.0.41-0.45.1.noarch.rpm | Linux |
| Update Tomcat to 9.5.14 (For Linux) | Linux |
| Update Tomcat to 9.5.5 (For Linux) | Linux |
| Update Tomcat to 9.5.7 (For Linux) | Linux |
| Update Tomcat to 9.5.8 (For Linux) | Linux |
| Update Tomcat to 9.6.10 (For Linux) | Linux |
| Update Tomcat to 9.6.3 (For Linux) | Linux |
| Update Tomcat to 9.6.4 (For Linux) | Linux |
| Update Tomcat to 9.6.7 (For Linux) | Linux |
| Update Tomcat to 9.6.8 (For Linux) | Linux |
| Update Tomcat to 2.4.5 (For Linux) | Linux |
| Update Tomcat to 3.0.14 (For Linux) | Linux |
| Vulnerabilities CVE-2014-0230,CVE-2014-7810 are fixed in Apache - tomcat for Linux 6.0.44 | Linux |
| Vulnerabilities CVE-2014-7810 are fixed in Apache - tomcat for Linux 7.0.58 | Linux |
| Vulnerabilities CVE-2014-7810 are fixed in Apache - tomcat for Linux 8.0.16 | Linux |
| Improper Access Control Vulnerability (CVE-2014-7810) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234