CVE Vulnerabilities

CVE-2011-2729

Published: Aug 15, 2011 | Modified: Feb 13, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.

Affected Software

Name Vendor Start Version End Version
Apache_commons_daemon Apache 1.0.3 1.0.3
Apache_commons_daemon Apache 1.0.4 1.0.4
Apache_commons_daemon Apache 1.0.5 1.0.5
Apache_commons_daemon Apache 1.0.6 1.0.6
Tomcat Apache 5.5.32 5.5.32
Tomcat Apache 5.5.33 5.5.33

References