CVE-2014-7810
tomcat7 - security update
EPSS 9.9%
Description
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.
How to fix CVE-2014-7810
To remediate CVE-2014-7810, upgrade the affected package to a fixed version below.
- Debian/tomcat7: upgrade to 7.0.28-4+deb7u3 or later
- (package not named on the page): upgrade to 8.0.14-1+deb8u1 or later
- (package not named on the page): upgrade to 6.0.44 or later
Is CVE-2014-7810 being exploited?
Moderate — EPSS is 9.9%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (3)
- from 0, < 7.0.28-4+deb7u3
- from 0, < 8.0.14-1+deb8u1
- >= 6.0.0, < 6.0.44