CVE-2014-7810

Name: CVE-2014-7810
Description: The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DLA-232-1, DSA-3428-1, DSA-3447-1, DSA-3530-1
NVD severity: medium (attack range: remote)
Debian Bugs: 787010

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package   Release                      Version                 Status
tomcat6 (PTS)    wheezy                       6.0.45+dfsg-1~deb7u1    fixed
                 wheezy (security)            6.0.45+dfsg-1~deb7u5    fixed
                 jessie (security), jessie    6.0.45+dfsg-1~deb8u1    fixed
tomcat7 (PTS)    wheezy                       7.0.28-4+deb7u4         fixed
                 wheezy (security)            7.0.28-4+deb7u17        fixed
                 jessie (security), jessie    7.0.56-3+deb8u11        fixed
                 stretch                      7.0.75-1                fixed
                 buster, sid                  7.0.78-1                fixed
tomcat8 (PTS)    jessie (security), jessie    8.0.14-1+deb8u11        fixed
                 stretch (security), stretch  8.5.14-1+deb9u2         fixed
                 buster                       8.5.24-1                fixed
                 sid                          8.5.24-2                fixed

The information below is based on the following data on fixed versions.

Package   Type     Release      Fixed Version        Urgency   Origin       Debian Bugs
tomcat6   source   (unstable)   6.0.41-3             medium                 787010
tomcat6   source   squeeze      6.0.41-2+squeeze7    medium    DLA-232-1
tomcat6   source   wheezy       6.0.45+dfsg-1~deb7u1 medium    DSA-3530-1
tomcat7   source   (unstable)   7.0.61-1             medium
tomcat7   source   jessie       7.0.56-3+deb8u1      medium    DSA-3447-1
tomcat7   source   wheezy       7.0.28-4+deb7u3      medium    DSA-3447-1
tomcat8   source   (unstable)   8.0.21-2             medium
tomcat8   source   jessie       8.0.14-1+deb8u1      medium    DSA-3428-1

Notes

Marked as fixed in 6.0.41-3, which only builds the libservlet2.5-java and libservlet2.5-java-doc packages.
http://svn.apache.org/viewvc?view=revision&revision=1645366 (6.x)
http://svn.apache.org/viewvc?view=revision&revision=1659538 (6.x)
http://svn.apache.org/viewvc?view=revision&revision=1644019 (7.x)
http://svn.apache.org/viewvc?view=revision&revision=1645644 (7.x)
