#VU64583 Improper access control in Apache Tomcat - CVE-2014-7810
Vulnerability identifier: #VU64583
Vulnerability risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-284
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Apache Tomcat
Server applications /
Web servers
Vendor: Apache Foundation
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to Expression Language (EL) implementation in Apache Tomcat does not properly consider the possibility of an accessible interface implemented by an inaccessible class. A remote attacker can bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Apache Tomcat: 6.0.0 - 6.0.43, 7.0.0 - 7.0.57, 8.0.0 RC1 - 8.0.15
External links
https://marc.info/?l=bugtraq&m=145974991225029&w=2
https://rhn.redhat.com/errata/RHSA-2015-1621.html
https://rhn.redhat.com/errata/RHSA-2015-1622.html
https://rhn.redhat.com/errata/RHSA-2016-0492.html
https://rhn.redhat.com/errata/RHSA-2016-2046.html
https://svn.apache.org/viewvc?view=revision&revision=1644018
https://svn.apache.org/viewvc?view=revision&revision=1645642
https://tomcat.apache.org/security-6.html
https://tomcat.apache.org/security-7.html
https://tomcat.apache.org/security-8.html
https://www.debian.org/security/2015/dsa-3428
https://www.debian.org/security/2016/dsa-3447
https://www.debian.org/security/2016/dsa-3530
https://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
https://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
https://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
https://www.securityfocus.com/bid/74665
https://www.securitytracker.com/id/1032330
https://www.ubuntu.com/usn/USN-2654-1
https://www.ubuntu.com/usn/USN-2655-1
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
