Computer Security
[EN] securityvulns.ru no-pyccku


Apache Tomcat security vulnerabilities
updated since 11.05.2015
Published:17.05.2015
Source:
SecurityVulns ID:14462
Type:library
Threat Level:
5/10
Description:Resources exhaustion, restrictions bypass.
Affected:APACHE : Tomcat 8.0
CVE:CVE-2014-7810 (The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.)
 CVE-2014-0230 (Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (memory consumption) via a series of aborted upload attempts.)
Original documentdocumentAPACHE, [SECURITY] CVE-2014-7810: Apache Tomcat Security Manager Bypass (17.05.2015)
 documentAPACHE, [SECURITY] CVE-2014-0230: Apache Tomcat DoS (11.05.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod