Apache Tomcat Security Manager Bypass Vulnerability (CVE-2014-7810)

Apache Tomcat Security Manager Bypass Vulnerability (CVE-2014-7810)
Apache Tomcat Security Manager Bypass Vulnerability (CVE-2014-7810)

Release date:
Updated on:

Affected Systems:

Apache Group Tomcat 8.0.0-RC1 - 8.0.15
Apache Group Tomcat 7.0.0 - 7.0.57
Apache Group Tomcat 6.0.0 - 6.0.43

Description:

CVE (CAN) ID: CVE-2014-7810

Apache Tomcat is a popular open-source JSP application server program.

Apache Tomcat 8.0.0-RC1 to 8.0.15, 7.0.0 to 7.0.57, and 6.0.0 to 6.0.43 are evaluated in the privileged code area. There is a security restriction bypass vulnerability in implementation, attackers can exploit this vulnerability to bypass the Security Manager protection mechanism.

<* Source: Apache Tomcat security team
*>

Suggestion:

Vendor patch:

Apache Group
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:


[1] http://tomcat.apache.org/security-8.html
[2] http://tomcat.apache.org/security-7.html
[3] http://tomcat.apache.org/security-6.html

Install JDK + Tomcat in RedHat Linux 5.5 and deploy Java Projects

Tomcat authoritative guide (second edition) (Chinese/English hd pdf + bookmarks)

Tomcat Security Configuration and Performance Optimization

How to Use Xshell to view Tomcat real-time logs with Chinese garbled characters in Linux

Install JDK and Tomcat in CentOS 64-bit and set the Tomcat Startup Procedure

Install Tomcat in CentOS 6.5

Tomcat details: click here
Tomcat: click here

This article permanently updates the link address: