Tomcat security manager Bypass Vulnerability (CVE-2014-7810)

Tomcat security manager Bypass Vulnerability (CVE-2014-7810)

Tomcat Security Manager Bypass Vulnerability, Vulnerability No.: CVE-2014-7810 Security Manager Bypass

Vulnerability severity: Average

Affected Versions:
--Apache Tomcat 8.0.0-RC1 to 8.0.15
--Apache Tomcat 7.0.0 to 7.0.57
--Apache Tomcat 6.0.0 to 6.0.43

Vulnerability description:
Malicious Web applications can bypass the protection of Tomcat security manager by using Expression Language. This problem is mainly caused by the installation of untrusted applications.

Solution:
--Upgrade to Apache Tomcat 8.0.17 or later
(8.0.16 has the fix but was not released)
--Upgrade to Apache Tomcat 7.0.59 or later
(7.0.58 has the fix but was not released)
--Upgrade to Apache Tomcat 6.0.44 or later

Apache Tomcat Security Manager Bypass Vulnerability (CVE-2014-7810)

Install JDK + Tomcat in RedHat Linux 5.5 and deploy Java Projects

Tomcat authoritative guide (second edition) (Chinese/English hd pdf + bookmarks)

Tomcat Security Configuration and Performance Optimization

How to Use Xshell to view Tomcat real-time logs with Chinese garbled characters in Linux

Install JDK and Tomcat in CentOS 64-bit and set the Tomcat Startup Procedure

Install Tomcat in CentOS 6.5

Tomcat details: click here
Tomcat: click here

This article permanently updates the link address: