Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2014-7810

Disclosure Date: June 07, 2015
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

General Information

References

Advisory

Additional Info

Technical Analysis