CVE Vulnerabilities

CVE-2011-2729

Published: Aug 15, 2011 | Modified: Feb 13, 2023
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 5 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2: 5.8 IMPORTANT, AV:N/AC:M/Au:N/C:P/I:P/A:N
RedHat/V3
Ubuntu

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.

Affected Software

Name | Vendor | Start Version | End Version
JBEWS 1.0 for RHEL 4 | RedHat | jakarta-commons-daemon-jsvc-1:1.0.5-1.5.patch01.ep5.el4 | *
Commons-daemon | Ubuntu | hardy | *
Commons-daemon | Ubuntu | natty | *
Commons-daemon | Ubuntu | oneiric | *
Commons-daemon | Ubuntu | upstream | *

References