Vulnerability details: VCID-7cpu-h5fr-8ffd
Vulnerability ID VCID-7cpu-h5fr-8ffd
Aliases CVE-2014-7810, GHSA-4c43-cwvx-9crh
Summary The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
System Score Found at
generic_textual MODERATE http://marc.info/?l=bugtraq&m=145974991225029&w=2
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-1621.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-1622.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2016-0492.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2016-2046.html
epss 0.09485 https://api.first.org/data/v1/epss?cve=CVE-2014-7810
apache_tomcat Moderate https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7810
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-4c43-cwvx-9crh
generic_textual MODERATE https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
generic_textual MODERATE https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2014-7810
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1644018
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1645642
generic_textual MODERATE http://tomcat.apache.org/security-6.html
generic_textual MODERATE http://tomcat.apache.org/security-7.html
generic_textual MODERATE http://tomcat.apache.org/security-8.html
generic_textual MODERATE http://www.debian.org/security/2015/dsa-3428
generic_textual MODERATE http://www.debian.org/security/2016/dsa-3447
generic_textual MODERATE http://www.debian.org/security/2016/dsa-3530
generic_textual MODERATE http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
generic_textual MODERATE http://www.ubuntu.com/usn/USN-2654-1
generic_textual MODERATE http://www.ubuntu.com/usn/USN-2655-1
Reference id Reference type URL
http://marc.info/?l=bugtraq&m=145974991225029&w=2
http://rhn.redhat.com/errata/RHSA-2015-1621.html
http://rhn.redhat.com/errata/RHSA-2015-1622.html
http://rhn.redhat.com/errata/RHSA-2016-0492.html
http://rhn.redhat.com/errata/RHSA-2016-2046.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7810.json
https://api.first.org/data/v1/epss?cve=CVE-2014-7810
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
https://svn.apache.org/viewvc?view=rev&rev=1644018
https://svn.apache.org/viewvc?view=rev&rev=1644019
https://svn.apache.org/viewvc?view=rev&rev=1645366
https://svn.apache.org/viewvc?view=rev&rev=1645642
https://svn.apache.org/viewvc?view=rev&rev=1645644
https://svn.apache.org/viewvc?view=rev&rev=1659538
http://svn.apache.org/viewvc?view=revision&revision=1644018
http://svn.apache.org/viewvc?view=revision&revision=1645642
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-8.html
http://www.debian.org/security/2015/dsa-3428
http://www.debian.org/security/2016/dsa-3447
http://www.debian.org/security/2016/dsa-3530
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
http://www.ubuntu.com/usn/USN-2654-1
http://www.ubuntu.com/usn/USN-2655-1
1222573 https://bugzilla.redhat.com/show_bug.cgi?id=1222573
CVE-2014-7810 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7810
CVE-2014-7810 https://nvd.nist.gov/vuln/detail/CVE-2014-7810
GHSA-4c43-cwvx-9crh https://github.com/advisories/GHSA-4c43-cwvx-9crh
RHSA-2015:1621 https://access.redhat.com/errata/RHSA-2015:1621
RHSA-2015:1622 https://access.redhat.com/errata/RHSA-2015:1622
RHSA-2016:0492 https://access.redhat.com/errata/RHSA-2016:0492
USN-2654-1 https://usn.ubuntu.com/2654-1/
USN-2655-1 https://usn.ubuntu.com/2655-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.928
EPSS Score 0.09485
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:38:13.006049+00:00 Apache Tomcat Importer Import https://tomcat.apache.org/security-8.html 38.0.0