UBUNTU-CVE-2014-7810
- Source
- https://ubuntu.com/security/CVE-2014-7810
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-7810.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2014-7810
- Upstream
- Downstream
- Related
- Published
- 2015-06-07T00:00:00Z
- Modified
- 2026-02-04T02:50:31.118123Z
- Severity
-
- Ubuntu - medium
- Summary
- [none]
- Details
-
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.
- References
-
- https://ubuntu.com/security/CVE-2014-7810
- http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44
- http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.59
- http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.17
- https://ubuntu.com/security/notices/USN-2655-1
- https://ubuntu.com/security/notices/USN-2654-1
- https://www.cve.org/CVERecord?id=CVE-2014-7810
Affected packages
Ubuntu:14.04:LTS / tomcat6
Package
- Name
- tomcat6
- Purl
- pkg:deb/ubuntu/tomcat6@6.0.39-1ubuntu0.1?arch=source&distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.0.39-1ubuntu0.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libservlet2.4-java",
"binary_version": "6.0.39-1ubuntu0.1"
},
{
"binary_name": "libservlet2.5-java",
"binary_version": "6.0.39-1ubuntu0.1"
},
{
"binary_name": "libtomcat6-java",
"binary_version": "6.0.39-1ubuntu0.1"
},
{
"binary_name": "tomcat6",
"binary_version": "6.0.39-1ubuntu0.1"
},
{
"binary_name": "tomcat6-admin",
"binary_version": "6.0.39-1ubuntu0.1"
},
{
"binary_name": "tomcat6-common",
"binary_version": "6.0.39-1ubuntu0.1"
},
{
"binary_name": "tomcat6-docs",
"binary_version": "6.0.39-1ubuntu0.1"
},
{
"binary_name": "tomcat6-examples",
"binary_version": "6.0.39-1ubuntu0.1"
},
{
"binary_name": "tomcat6-extras",
"binary_version": "6.0.39-1ubuntu0.1"
},
{
"binary_name": "tomcat6-user",
"binary_version": "6.0.39-1ubuntu0.1"
}
]
}
Ubuntu:14.04:LTS / tomcat7
Package
- Name
- tomcat7
- Purl
- pkg:deb/ubuntu/tomcat7@7.0.52-1ubuntu0.3?arch=source&distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.0.52-1ubuntu0.3
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libservlet3.0-java",
"binary_version": "7.0.52-1ubuntu0.3"
},
{
"binary_name": "libtomcat7-java",
"binary_version": "7.0.52-1ubuntu0.3"
},
{
"binary_name": "tomcat7",
"binary_version": "7.0.52-1ubuntu0.3"
},
{
"binary_name": "tomcat7-admin",
"binary_version": "7.0.52-1ubuntu0.3"
},
{
"binary_name": "tomcat7-common",
"binary_version": "7.0.52-1ubuntu0.3"
},
{
"binary_name": "tomcat7-docs",
"binary_version": "7.0.52-1ubuntu0.3"
},
{
"binary_name": "tomcat7-examples",
"binary_version": "7.0.52-1ubuntu0.3"
},
{
"binary_name": "tomcat7-user",
"binary_version": "7.0.52-1ubuntu0.3"
}
]
}
Ubuntu:16.04:LTS / tomcat6
Package
- Name
- tomcat6
- Purl
- pkg:deb/ubuntu/tomcat6@6.0.45+dfsg-1?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.0.45+dfsg-1