Information Security


Security vulnerabilities in Apache Tomcat
updated since May 11, 2015
Published: May 17, 2015
Source:
SecurityVulns ID: 14462
Type: library
Severity level: 5/10
Description: Resource exhaustion, restriction bypass.
Affected products: APACHE : Tomcat 8.0
CVE: CVE-2014-7810 (The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.)
 CVE-2014-0230 (Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (memory consumption) via a series of aborted upload attempts.)
Original text: APACHE, [SECURITY] CVE-2014-7810: Apache Tomcat Security Manager Bypass (17.05.2015)
 APACHE, [SECURITY] CVE-2014-0230: Apache Tomcat DoS (11.05.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod