tomcat6-6.0.24-94.AXS4
エラータID: AXSA:2016-163:01
リリース日:
2016/03/23 Wednesday - 06:11
題名:
tomcat6-6.0.24-94.AXS4
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Apache Tomcat の Expression Language (EL) 実装は,アクセスできないク
ラスによって実装された,インターフェースがアクセスできる可能性を適切に考
慮しておらず,EL の評価中に誤った権限を使用する Web アプリケーションに
よって,攻撃者が SeucirityManager 保護メカニズムを迂回する脆弱性
があります。(CVE-2014-7810)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2014-7810
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.
追加情報:
N/A
ダウンロード:
SRPMS
- tomcat6-6.0.24-94.AXS4.src.rpm
MD5: e3b9a63b79f66386a6d6d3e820f53a8b
SHA-256: 4b4b0d3046dcecbaf4242def1ab70fb6e59389e907bd71ba22d66e0d03a369a7
Size: 3.58 MB
Asianux Server 4 for x86
- tomcat6-6.0.24-94.AXS4.i686.rpm
MD5: 8d6f16051d6438418b1138f951ee9c57
SHA-256: 8418721b3fc1d342a97bd34ffc86b89a87a24c04f5e864ecac632406ecf14ec7
Size: 92.39 kB - tomcat6-el-2.1-api-6.0.24-94.AXS4.i686.rpm
MD5: a6f458c4e35f233989733c841c69c2ff
SHA-256: a0277ff927545dc9e5bac01a0e0c101fde6a2f3bb847a2247600e7471392af0c
Size: 48.38 kB - tomcat6-jsp-2.1-api-6.0.24-94.AXS4.i686.rpm
MD5: 7eb464dcb17fecde1324cb11a78fbb6b
SHA-256: c948994e6ba75b0a69f27efade96e18956a1da82551bb55cc8669007d29eda18
Size: 84.78 kB - tomcat6-lib-6.0.24-94.AXS4.i686.rpm
MD5: 039b1b9f9b7350b9656f106d624739a5
SHA-256: 6ff85f5e3915fc809835728a721477a3b4e66768cbb15cee1ed552faf971b60b
Size: 2.90 MB - tomcat6-servlet-2.5-api-6.0.24-94.AXS4.i686.rpm
MD5: f8c3c8f659ee4d34af2cf08785ad69c5
SHA-256: ba640bf3f1a1a01d0d4c36f481bdfbb92074598091167a4508c298b68a9fc3d8
Size: 98.67 kB
Asianux Server 4 for x86_64
- tomcat6-6.0.24-94.AXS4.x86_64.rpm
MD5: 8f9c682df3e7235258f22cfd638fc3ef
SHA-256: fafe49a53aa06cbb7334a47d2de1ab76f7e41521f027c3ec705d777fec2032ee
Size: 91.96 kB - tomcat6-el-2.1-api-6.0.24-94.AXS4.x86_64.rpm
MD5: 644096155e6666c01f037bdcdef77f67
SHA-256: dd94accac68c5030c51b46868a5734568ad3b94680e5a32ed5687be286945c9d
Size: 47.93 kB - tomcat6-jsp-2.1-api-6.0.24-94.AXS4.x86_64.rpm
MD5: 1c2916f159d4d7883b75c40262e719f3
SHA-256: 5bc10c50478972bd990b245a0639ccafc641e493bbb4a5fc95800fa2228c08f4
Size: 84.34 kB - tomcat6-lib-6.0.24-94.AXS4.x86_64.rpm
MD5: 5804e6d784681d118c7d06656917b6d6
SHA-256: 1bd2ea682e8f03ba9b623c6c4ddf02345ddaef8d36dbe7b0c74da51e99e09f63
Size: 2.90 MB - tomcat6-servlet-2.5-api-6.0.24-94.AXS4.x86_64.rpm
MD5: 1d8eaa8027a93aa6445d2840344b74f7
SHA-256: be070b2017ba574512f424bd21ab596f2b1f0648b694b7378693bdafd28c59fe
Size: 98.22 kB