CVE-2014-7810 - Medium Severity Vulnerability
Vulnerable Library - tomcat-el-api-7.0.8.jar
Expression language package
Path to dependency file: /tmp/ws-scm/proctor/proctor-common/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/tomcat/tomcat-el-api/7.0.8/tomcat-el-api-7.0.8.jar,/proctor/proctor-pipet/proctor-pipet-deploy/target/proctor-pipet-deploy-9999-SNAPSHOT/WEB-INF/lib/tomcat-el-api-7.0.8.jar
Dependency Hierarchy:
- **tomcat-el-api-7.0.8.jar** (Vulnerable Library)
Found in HEAD commit: 151dc45fc7c1c05aedd4f218e9bc0cced914ed1c
Vulnerability Details
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.
Publish Date: 2015-06-07
URL: CVE-2014-7810
CVSS 2 Score Details (5.0)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-7810
Release Date: 2015-06-07
Fix Resolution: 6.0.44,7.0.58,8.0.16
Automatic Remediation is available for this issue