CVE-2014-7810

Severity: medium
CVSS v3 Base Score: 5.0
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS Score: 9.5% (exploitation probability in 30 days; top 7% most likely to be exploited)

Attack Characteristics

Attack Vector: Network
Attack Complexity: Low
Confidentiality: None
Integrity: P
Availability: None

Published: June 7, 2015 (3994 days ago)
Last Modified: May 6, 2026
Vendor: Apache
Source: NVD

Description

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

CWE

CWE-284

Affected Products

debian debian linux
apache tomcat

References