Description

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

Remediation

References

http://marc.info/?l=bugtraq&m=145974991225029&w=2

http://rhn.redhat.com/errata/RHSA-2015-1621.html

http://rhn.redhat.com/errata/RHSA-2015-1622.html

http://rhn.redhat.com/errata/RHSA-2016-0492.html

http://rhn.redhat.com/errata/RHSA-2016-2046.html

http://svn.apache.org/viewvc?view=revision&revision=1644018

http://svn.apache.org/viewvc?view=revision&revision=1645642

http://tomcat.apache.org/security-6.html

http://tomcat.apache.org/security-7.html

http://tomcat.apache.org/security-8.html

http://www.debian.org/security/2015/dsa-3428

http://www.debian.org/security/2016/dsa-3447

http://www.debian.org/security/2016/dsa-3530

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

http://www.securityfocus.com/bid/74665

http://www.securitytracker.com/id/1032330

http://www.ubuntu.com/usn/USN-2654-1

http://www.ubuntu.com/usn/USN-2655-1

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964

https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

Related Vulnerabilities

CVE-2021-32621 Vulnerability in maven package org.xwiki.platform:xwiki-platform-dashboard-macro

CVE-2016-6816 Vulnerability in maven package org.apache.tomcat:coyote

CVE-2021-39167 Vulnerability in npm package @openzeppelin/contracts

CVE-2019-10785 Vulnerability in maven package org.webjars.npm:dojox

CVE-2019-10461 Vulnerability in maven package org.jenkins-ci.plugins:dynatrace-dashboard

Severity

Critical

Classification

CWE-284

Tags

Third Party Advisory Patch Vendor Advisory