Path to dependency file: /tmp/ws-scm/proctor/proctor-common/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/tomcat/tomcat-el-api/7.0.8/tomcat-el-api-7.0.8.jar,canner/.m2/repository/org/apache/tomcat/tomcat-el-api/7.0.8/tomcat-el-api-7.0.8.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/tomcat-el-api/7.0.8/tomcat-el-api-7.0.8.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/tomcat-el-api/7.0.8/tomcat-el-api-7.0.8.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/tomcat-el-api/7.0.8/tomcat-el-api-7.0.8.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/tomcat-el-api/7.0.8/tomcat-el-api-7.0.8.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/tomcat-el-api/7.0.8/tomcat-el-api-7.0.8.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/tomcat-el-api/7.0.8/tomcat-el-api-7.0.8.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/tomcat-el-api/7.0.8/tomcat-el-api-7.0.8.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/tomcat-el-api/7.0.8/tomcat-el-api-7.0.8.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/tomcat-el-api/7.0.8/tomcat-el-api-7.0.8.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/tomcat-el-api/7.0.8/tomcat-el-api-7.0.8.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/tomcat-el-api/7.0.8/tomcat-el-api-7.0.8.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/tomcat-el-api/7.0.8/tomcat-el-api-7.0.8.jar,/proctor/proctor-pipet/proctor-pipet-deploy/target/proctor-pipet-deploy-9999-SNAPSHOT/WEB-INF/lib/tomcat-el-api-7.0.8.jar
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.
CVE-2014-7810 - Medium Severity Vulnerability
Expression language package
Path to dependency file: /tmp/ws-scm/proctor/proctor-common/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/tomcat/tomcat-el-api/7.0.8/tomcat-el-api-7.0.8.jar,canner/.m2/repository/org/apache/tomcat/tomcat-el-api/7.0.8/tomcat-el-api-7.0.8.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/tomcat-el-api/7.0.8/tomcat-el-api-7.0.8.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/tomcat-el-api/7.0.8/tomcat-el-api-7.0.8.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/tomcat-el-api/7.0.8/tomcat-el-api-7.0.8.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/tomcat-el-api/7.0.8/tomcat-el-api-7.0.8.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/tomcat-el-api/7.0.8/tomcat-el-api-7.0.8.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/tomcat-el-api/7.0.8/tomcat-el-api-7.0.8.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/tomcat-el-api/7.0.8/tomcat-el-api-7.0.8.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/tomcat-el-api/7.0.8/tomcat-el-api-7.0.8.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/tomcat-el-api/7.0.8/tomcat-el-api-7.0.8.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/tomcat-el-api/7.0.8/tomcat-el-api-7.0.8.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/tomcat-el-api/7.0.8/tomcat-el-api-7.0.8.jar,/home/wss-scanner/.m2/repository/org/apache/tomcat/tomcat-el-api/7.0.8/tomcat-el-api-7.0.8.jar,/proctor/proctor-pipet/proctor-pipet-deploy/target/proctor-pipet-deploy-9999-SNAPSHOT/WEB-INF/lib/tomcat-el-api-7.0.8.jar
Dependency Hierarchy: - :x: **tomcat-el-api-7.0.8.jar** (Vulnerable Library)
Found in HEAD commit: 151dc45fc7c1c05aedd4f218e9bc0cced914ed1c
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.
Publish Date: 2015-06-07
URL: CVE-2014-7810
Base Score Metrics not available
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-7810
Release Date: 2015-06-07
Fix Resolution: 6.0.44,7.0.58,8.0.16
:rescue_worker_helmet: Automatic Remediation is available for this issue