Apache Tomcat Security Manager Bypass Vulnerability (CVE-2014-7810)
Release date:
Updated on:
Affected Systems:
Apache Group Tomcat 8.0.0-RC1 - 8.0.15
Apache Group Tomcat 7.0.0 - 7.0.57
Apache Group Tomcat 6.0.0 - 6.0.43
Description:
CVE (CAN) ID: CVE-2014-7810
Apache Tomcat is a popular open-source JSP application server.
In Apache Tomcat 8.0.0-RC1 to 8.0.15, 7.0.0 to 7.0.57, and 6.0.0 to 6.0.43, evaluation is performed in a privileged code section. This implementation flaw is a security restriction bypass vulnerability: attackers can exploit it to bypass the Security Manager protection mechanism.
Source: Apache Tomcat security team
Suggestion:
Vendor patch:
Apache Group
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
[1] http://tomcat.apache.org/security-8.html
[2] http://tomcat.apache.org/security-7.html
[3] http://tomcat.apache.org/security-6.html
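
To triage an instance against the affected ranges listed above, the following added example (not part of the original advisory or of Tomcat itself) parses a Tomcat version banner and checks whether the JVM was started with the standard `-Djava.security.manager` option. The function names, result labels and sample inputs are constructed for illustration; treating instances without a Security Manager as a separate result is an assumption of this example.

```python
import re
import shlex

# Inclusive ranges copied from the advisory's "Affected Systems" list.
# Every 8.0.0-RCn build is numerically 8.0.0, so the RC suffix is dropped.
AFFECTED = [((8, 0, 0), (8, 0, 15)), ((7, 0, 0), (7, 0, 57)), ((6, 0, 0), (6, 0, 43))]

def parse_version(text):
    """Return (major, minor, patch) from a version banner or bare version, else None."""
    m = (re.search(r"Apache Tomcat/(\d+)\.(\d+)\.(\d+)", text)
         or re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:-RC\d+)?\s*", text))
    return tuple(int(g) for g in m.groups()) if m else None

def in_affected_range(version):
    return any(lo <= version <= hi for lo, hi in AFFECTED)

def security_manager_enabled(jvm_cmdline):
    """True if the JVM command line carries -Djava.security.manager[=class]."""
    return any(tok == "-Djava.security.manager"
               or tok.startswith("-Djava.security.manager=")
               for tok in shlex.split(jvm_cmdline))

def triage(version_text, jvm_cmdline):
    """Classify one instance; the labels are hypothetical, chosen for this example."""
    version = parse_version(version_text)
    if version is None:
        return "version not recognised"
    if not in_affected_range(version):
        return "not in affected range"
    if security_manager_enabled(jvm_cmdline):
        # The Security Manager is the control this CVE bypasses.
        return "affected, Security Manager in use"
    return "affected range, Security Manager not enabled"

if __name__ == "__main__":
    # Constructed sample inputs: a version banner and a JVM command line.
    banner = "Server version: Apache Tomcat/7.0.57"
    cmdline = ("/usr/bin/java -Djava.security.manager "
               "-Djava.security.policy==/opt/tomcat/conf/catalina.policy "
               "org.apache.catalina.startup.Bootstrap start")
    print(triage(banner, cmdline))
```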