- Apache Tomcat prior to 6.0.44, 7.0.55, 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (memory consumption) via a series of aborted upload attempts.
- The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.
- Successfully exploiting these vulnerabilities might allow a remote attacker to bypass security restrictions.
Multiple vulnerabilities affecting Apache Tomcat have been reported:
- Denial of Service Vulnerability (CVE-2014-0230).
- Security Manager bypass Vulnerability (CVE-2014-7810).
- SAP BusinessObjects Business Intelligence Platform (BI) 4.0/4.1.
- All supported OS.
- Tomcat (6, 7, 8) (Below the minor versions which are mentioned in symptoms)
Tomcat, BI, 4.x, 4.0, 4.1, multiple, vulnerabilities, Apache, security, cve-2014-0230, cve-2014-7810, cve, 7, 8, 6, , KBA , BI-BIP-INS , Installation, Updates, Upgrade, Patching , BI-BIP-DEP , Webapp Deployment, Networking, Vulnerabilities, Webservices , Problem
About this pageThis is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).
Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.