CVE-2011-2729

2011-08-15T17:55:02
ID CVE-2011-2729
Type cve
Reporter NVD
Modified 2018-10-09T15:32:52

Description

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.