Tomcat Security Manager Bypass Vulnerability (CVE-2014-7810)
Vulnerability No.: CVE-2014-7810 (Security Manager Bypass)
Vulnerability severity: Average
Affected Versions:
--Apache Tomcat 8.0.0-RC1 to 8.0.15
--Apache Tomcat 7.0.0 to 7.0.57
--Apache Tomcat 6.0.0 to 6.0.43
Vulnerability description:
A malicious web application can bypass the protections of the Tomcat security manager by using Expression Language. The issue mainly concerns installations that run untrusted applications.
Solution:
--Upgrade to Apache Tomcat 8.0.17 or later
(8.0.16 has the fix but was not released)
--Upgrade to Apache Tomcat 7.0.59 or later
(7.0.58 has the fix but was not released)
--Upgrade to Apache Tomcat 6.0.44 or later
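To check an installation against the version lists above, the following added example (not code from the Apache Tomcat project or from the original advisory) classifies a Tomcat version string or the text printed by `version.sh`. The function names and the sample output are constructed for illustration; the ranges and upgrade targets are the ones listed on this page.

```python
import re

# Branch -> (last affected patch level, first released version with the fix),
# taken from the "Affected Versions" and "Solution" lists above.
BRANCHES = {
    (8, 0): (15, "8.0.17"),
    (7, 0): (57, "7.0.59"),
    (6, 0): (43, "6.0.44"),
}

# Matches forms such as "Apache Tomcat/7.0.57", "7.0.57.0" and "8.0.0-RC1".
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:[.-][0-9A-Za-z]+)*")

def classify(version_text):
    """Return (status, upgrade_target); status is one of
    "affected", "fixed", "not-listed" or "unparsed"."""
    m = VERSION_RE.search(version_text)
    if not m:
        return ("unparsed", None)
    major, minor, patch = (int(g) for g in m.groups())
    branch = BRANCHES.get((major, minor))
    if branch is None:
        # The advisory does not cover this branch; do not report it as safe.
        return ("not-listed", None)
    last_affected, first_fixed = branch
    if patch <= last_affected:
        return ("affected", first_fixed)
    return ("fixed", None)

def classify_version_output(output):
    """Classify version.sh / version.bat output, reading only the server
    lines so the JVM version is never mistaken for the Tomcat version."""
    for line in output.splitlines():
        key, _, value = line.partition(":")
        if key.strip() in ("Server version", "Server number"):
            return classify(value)
    return ("unparsed", None)

# Constructed sample of version.sh output (not captured from a real host).
SAMPLE_OUTPUT = """\
Server version: Apache Tomcat/7.0.57
Server number:  7.0.57.0
JVM Version:    1.7.0_71-b14
"""

if __name__ == "__main__":
    print(classify_version_output(SAMPLE_OUTPUT))
```

A "fixed" result for 8.0.16 or 7.0.58 reflects the note above that those builds contain the fix even though they were not released.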