Bug 931442 (CVE-2014-7810) - VUL-0: CVE-2014-7810: tomcat, tomcat6: Tomcat/JbossWeb: security manager bypass via EL expressions
Summary: VUL-0: CVE-2014-7810: tomcat, tomcat6: Tomcat/JbossWeb: security manager bypa...
Status: RESOLVED FIXED
Alias: CVE-2014-7810
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium    Severity: Normal
Target Milestone: ---
Deadline: 2015-07-02
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/116888/
Whiteboard: maint:running:62034:moderate maint:ru...
Keywords:
Depends on:
Blocks:
 
Reported: 2015-05-19 09:35 UTC by Alexander Bergmann
Modified: 2016-04-27 19:38 UTC
CC List: 3 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Alexander Bergmann 2015-05-19 09:35:47 UTC
rh#1222573

-----------------------------------------------------
It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections.

Upstream patches:

http://svn.apache.org/viewvc?view=revision&revision=1644019
http://svn.apache.org/viewvc?view=revision&revision=1645644

External References:

http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.59
http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.17
-----------------------------------------------------

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1222573
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7810
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7810
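The bug class the description refers to, shown as an added illustration that is not code from this report, from Tomcat or from JBoss Web: a container-side resolver that runs untrusted expression evaluation inside a Java privileged section, beside the narrowed form. The class and method names, the Expression stand-in for a parsed EL expression, and the use of a system-property read as the "privileged work" are assumptions made for the example; only the doPrivileged/checkPermission behaviour is the JDK's own.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;

// Added illustration of a security-manager bypass via a privileged section.
// ElResolverExample, Expression, evaluateVulnerable and evaluateHardened are
// hypothetical names; this is not Tomcat's or JBoss Web's code.
public class ElResolverExample {

    /** Stand-in for a parsed EL expression supplied by a web application. */
    public interface Expression {
        Object evaluate() throws Exception;
    }

    /**
     * VULNERABLE pattern. Inside doPrivileged the stack walk performed by
     * AccessController.checkPermission stops at the doPrivileged frame, so
     * only the protection domain of this (container) class is consulted.
     * Anything the untrusted expression reaches from here (reflection,
     * file or process APIs) is checked against the container's permissions,
     * not against the policy granted to the web application.
     */
    public static Object evaluateVulnerable(Expression untrusted) {
        return AccessController.doPrivileged((PrivilegedAction<Object>) () -> {
            // Privileged work the container legitimately needs (assumed example) ...
            String base = System.getProperty("catalina.base", "");
            try {
                // ... and, mistakenly, the untrusted evaluation in the same block.
                return base.isEmpty() ? untrusted.evaluate() : untrusted.evaluate();
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        });
    }

    /**
     * HARDENED pattern. The privileged section is narrowed to the single
     * operation that needs it. The untrusted expression is evaluated outside
     * it, so the web application's protection domain stays on the stack and
     * its (restricted) permissions are the ones checked.
     */
    public static Object evaluateHardened(Expression untrusted) throws Exception {
        String base = AccessController.doPrivileged(
                (PrivilegedAction<String>) () -> System.getProperty("catalina.base", ""));
        // base would feed the resolver's own logic; the untrusted code never
        // executes under the privileged frame.
        if (base == null) {
            throw new IllegalStateException("unreachable: getProperty has a default");
        }
        return untrusted.evaluate();
    }

    public static void main(String[] args) throws Exception {
        // Constructed, harmless expression. The two paths return the same value
        // here; they differ only when a SecurityManager and policy are installed
        // and the expression touches a guarded API.
        Expression expr = () -> "resolved";
        System.out.println(evaluateVulnerable(expr));
        System.out.println(evaluateHardened(expr));
    }
}
```

The difference is only observable under a running SecurityManager with a policy that denies the web application the permission the expression tries to use; in that configuration the first method lets the call succeed and the second raises an AccessControlException. When reviewing container code for this pattern, the check is mechanical: every doPrivileged block should contain only the container's own operations and never invoke a callback, parsed expression or reflective target that originates from a deployed application. Note that the SecurityManager was deprecated for removal in JDK 17 and permanently disabled in JDK 24, so this isolation mechanism is not available on current runtimes.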
Comment 1 Alexander Bergmann 2015-05-19 09:46:36 UTC
This problem affects Apache Tomcat 6 and 7.

SLE-10-SP3: 5.5.27 (not affected)
SLE-11:     6.0.41
SLE-12:     7.0.55

openSUSE:13.1: 7.0.42
openSUSE:13.2: 7.0.55
Comment 2 Swamp Workflow Management 2015-05-19 22:01:04 UTC
bugbot adjusting priority
Comment 4 Swamp Workflow Management 2015-06-18 08:57:51 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2015-07-02.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62033
Comment 5 Swamp Workflow Management 2015-06-18 08:59:41 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2015-07-02.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62034
Comment 8 Swamp Workflow Management 2015-07-22 16:07:56 UTC
SUSE-SU-2015:1281-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 931442
CVE References: CVE-2014-7810
Sources used:
SUSE Linux Enterprise Server 12 (src):    tomcat-7.0.55-8.2
Comment 9 Sebastian Krahmer 2015-08-03 12:08:50 UTC
released
Comment 10 Swamp Workflow Management 2015-08-03 13:09:27 UTC
SUSE-SU-2015:1337-1: An update that solves three vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 906152,917127,918195,926762,931442,932698
CVE References: CVE-2014-0227,CVE-2014-0230,CVE-2014-7810
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    tomcat6-6.0.41-0.45.1
SUSE Linux Enterprise Server 11 SP3 (src):    tomcat6-6.0.41-0.45.1
Comment 11 Swamp Workflow Management 2015-09-16 15:10:39 UTC
SUSE-SU-2015:1565-1: An update that solves three vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 906152,917127,926762,931442,932698,934219
CVE References: CVE-2014-0227,CVE-2014-0230,CVE-2014-7810
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    tomcat6-6.0.41-0.47.1