Lucene search

[email protected]CVE-2011-2729

HistoryAug 15, 2011 - 9:55 p.m.

CVE-2011-2729

2011-08-1521:55:00

CWE-264

[email protected]

web.nvd.nist.gov

cve

2011

2729

jsvc

apache commons

daemon

component

apache tomcat

linux

capabilities

remote attackers

permissions

4.1 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

57.4%

JSON

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.

CPENameOperatorVersion
apache:tomcatapache tomcateq5.5.32
apache:tomcatapache tomcateq5.5.33
apache:tomcatapache tomcateq6.0.30
apache:tomcatapache tomcateq6.0.31
apache:tomcatapache tomcateq6.0.32
apache:apache_commons_daemonapache apache commons daemoneq1.0.3
apache:apache_commons_daemonapache apache commons daemoneq1.0.4
apache:apache_commons_daemonapache apache commons daemoneq1.0.5
apache:apache_commons_daemonapache apache commons daemoneq1.0.6
apache:tomcatapache tomcateq7.0.0

CPE	Name	Operator	Version
apache:tomcat	apache tomcat	eq	5.5.32
apache:tomcat	apache tomcat	eq	5.5.33
apache:tomcat	apache tomcat	eq	6.0.30
apache:tomcat	apache tomcat	eq	6.0.31
apache:tomcat	apache tomcat	eq	6.0.32
apache:apache_commons_daemon	apache apache commons daemon	eq	1.0.3
apache:apache_commons_daemon	apache apache commons daemon	eq	1.0.4
apache:apache_commons_daemon	apache apache commons daemon	eq	1.0.5
apache:apache_commons_daemon	apache apache commons daemon	eq	1.0.6
apache:tomcat	apache tomcat	eq	7.0.0

Rows per page:

1-10 of 271

References

lists.opensuse.org/opensuse-security-announce/2011-09/msg00024.html

mail-archives.apache.org/mod_mbox/commons-dev/201108.mbox/%3C4E451B2B.9090108%40apache.org%3E

mail-archives.apache.org/mod_mbox/tomcat-announce/201108.mbox/%3C4E45221D.1020306%40apache.org%3E

marc.info/?l=bugtraq&m=132215163318824&w=2

marc.info/?l=bugtraq&m=133469267822771&w=2

marc.info/?l=bugtraq&m=136485229118404&w=2

marc.info/?l=bugtraq&m=139344343412337&w=2

people.apache.org/~markt/patches/2011-08-12-cve2011-2729-tc5.patch

secunia.com/advisories/46030

secunia.com/advisories/57126

securitytracker.com/id?1025925

svn.apache.org/viewvc?view=revision&revision=1152701

svn.apache.org/viewvc?view=revision&revision=1153379

svn.apache.org/viewvc?view=revision&revision=1153824

tomcat.apache.org/security-5.html

tomcat.apache.org/security-6.html

tomcat.apache.org/security-7.html

www.redhat.com/support/errata/RHSA-2011-1291.html

www.redhat.com/support/errata/RHSA-2011-1292.html

www.securityfocus.com/archive/1/519263/100/0/threaded

www.securityfocus.com/bid/49143

bugzilla.redhat.com/show_bug.cgi?id=730400

exchange.xforce.ibmcloud.com/vulnerabilities/69161

issues.apache.org/jira/browse/DAEMON-214

lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14743

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19450

4.1 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

57.4%

JSON

Related for CVE-2011-2729

openvas11 tomcat3 nessus10 fedora2 ubuntu1 securityvulns2 prion1 ubuntucve1 suse1 veracode1 debiancve1 gentoo1