CVE-2014-7810 Security Manager Bypass
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
- Apache Tomcat 8.0.0-RC1 to 8.0.15
- Apache Tomcat 7.0.0 to 7.0.57
- Apache Tomcat 6.0.0 to 6.0.43
Description:
Malicious web applications could use expression language to bypass the
protections of a Security Manager as expressions were evaluated within
a privileged code section.
This issue only affects installations that run web applications from
untrusted sources.
Mitigation:
Users of affected versions should apply one of the following mitigations:
- Upgrade to Apache Tomcat 8.0.17 or later
  (8.0.16 has the fix but was not released)
- Upgrade to Apache Tomcat 7.0.59 or later
  (7.0.58 has the fix but was not released)
- Upgrade to Apache Tomcat 6.0.44 or later
Credit:
This issue was discovered by the Apache Tomcat security team.
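The following is an added example, not part of the advisory or of Apache Tomcat: a small triage script that checks version strings against the affected ranges and released fixes listed above. The host names and banner lines in INVENTORY are constructed sample data, and the function names are hypothetical.

```python
import re

# Version ranges and released fixes, copied from the advisory text above.
# (major, minor) -> (last affected patch level, first released fixed version)
AFFECTED = {
    (8, 0): (15, "8.0.17"),   # 8.0.0-RC1 to 8.0.15
    (7, 0): (57, "7.0.59"),   # 7.0.0 to 7.0.57
    (6, 0): (43, "6.0.44"),   # 6.0.0 to 6.0.43
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract (major, minor, patch) from strings such as 'Apache Tomcat/8.0.0-RC1'."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError("no x.y.z version found in %r" % text)
    return tuple(int(part) for part in match.groups())

def check(text):
    """Return (status, upgrade_target) for one version string."""
    major, minor, patch = parse_version(text)
    entry = AFFECTED.get((major, minor))
    if entry is None:
        # The advisory makes no statement about other release lines.
        return ("not-listed", None)
    last_affected, fixed_release = entry
    if patch <= last_affected:
        return ("affected", fixed_release)
    return ("fixed", None)

# Constructed inventory (hypothetical host names, not real data).
INVENTORY = {
    "app01": "Server version: Apache Tomcat/7.0.57",
    "app02": "Server version: Apache Tomcat/8.0.0-RC1",
    "app03": "Server version: Apache Tomcat/8.0.17",
    "app04": "Server version: Apache Tomcat/6.0.43",
    "app05": "Server version: Apache Tomcat/5.5.36",
}

def triage(inventory):
    """Map each host to its (status, upgrade_target) result."""
    return {host: check(banner) for host, banner in inventory.items()}

if __name__ == "__main__":
    for host, (status, target) in sorted(triage(INVENTORY).items()):
        print(host, status, target or "-")
```

Hosts reported as affected matter most where a Security Manager is relied on to contain web applications from untrusted sources, which is the only configuration the advisory says is exposed.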