Lucene search

[email protected]NVD:CVE-2011-2729

HistoryAug 15, 2011 - 9:55 p.m.

CVE-2011-2729

2011-08-1521:55:02

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

4.3

Confidence

High

EPSS

0.002

Percentile

57.8%

JSON

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.

Affected configurations

Nvd

Node

apacheapache_commons_daemonMatch1.0.3

apacheapache_commons_daemonMatch1.0.4

apacheapache_commons_daemonMatch1.0.5

apacheapache_commons_daemonMatch1.0.6

apachetomcatMatch5.5.32

apachetomcatMatch5.5.33

AND

linuxlinux_kernel

Node

apacheapache_commons_daemonMatch1.0.3

apacheapache_commons_daemonMatch1.0.4

apacheapache_commons_daemonMatch1.0.5

apacheapache_commons_daemonMatch1.0.6

apachetomcatMatch6.0.30

apachetomcatMatch6.0.31

apachetomcatMatch6.0.32

AND

linuxlinux_kernel

Node

apacheapache_commons_daemonMatch1.0.3

apacheapache_commons_daemonMatch1.0.4

apacheapache_commons_daemonMatch1.0.5

apacheapache_commons_daemonMatch1.0.6

apachetomcatMatch7.0.0

apachetomcatMatch7.0.0beta

apachetomcatMatch7.0.1

apachetomcatMatch7.0.2

apachetomcatMatch7.0.3

apachetomcatMatch7.0.4

apachetomcatMatch7.0.5

apachetomcatMatch7.0.6

apachetomcatMatch7.0.7

apachetomcatMatch7.0.8

apachetomcatMatch7.0.9

apachetomcatMatch7.0.10

apachetomcatMatch7.0.11

apachetomcatMatch7.0.12

apachetomcatMatch7.0.13

apachetomcatMatch7.0.14

apachetomcatMatch7.0.16

apachetomcatMatch7.0.17

apachetomcatMatch7.0.19

AND

linuxlinux_kernel

VendorProductVersionCPE
apacheapache_commons_daemon1.0.3cpe:2.3:a:apache:apache_commons_daemon:1.0.3:*:*:*:*:*:*:*
apacheapache_commons_daemon1.0.4cpe:2.3:a:apache:apache_commons_daemon:1.0.4:*:*:*:*:*:*:*
apacheapache_commons_daemon1.0.5cpe:2.3:a:apache:apache_commons_daemon:1.0.5:*:*:*:*:*:*:*
apacheapache_commons_daemon1.0.6cpe:2.3:a:apache:apache_commons_daemon:1.0.6:*:*:*:*:*:*:*
apachetomcat5.5.32cpe:2.3:a:apache:tomcat:5.5.32:*:*:*:*:*:*:*
apachetomcat5.5.33cpe:2.3:a:apache:tomcat:5.5.33:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
apachetomcat6.0.30cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*
apachetomcat6.0.31cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*
apachetomcat6.0.32cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	apache_commons_daemon	1.0.3	cpe:2.3:a:apache:apache_commons_daemon:1.0.3:::::::*
apache	apache_commons_daemon	1.0.4	cpe:2.3:a:apache:apache_commons_daemon:1.0.4:::::::*
apache	apache_commons_daemon	1.0.5	cpe:2.3:a:apache:apache_commons_daemon:1.0.5:::::::*
apache	apache_commons_daemon	1.0.6	cpe:2.3:a:apache:apache_commons_daemon:1.0.6:::::::*
apache	tomcat	5.5.32	cpe:2.3:a:apache:tomcat:5.5.32:::::::*
apache	tomcat	5.5.33	cpe:2.3:a:apache:tomcat:5.5.33:::::::*
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
apache	tomcat	6.0.30	cpe:2.3:a:apache:tomcat:6.0.30:::::::*
apache	tomcat	6.0.31	cpe:2.3:a:apache:tomcat:6.0.31:::::::*
apache	tomcat	6.0.32	cpe:2.3:a:apache:tomcat:6.0.32:::::::*

Rows per page:

1-10 of 291

References

lists.opensuse.org/opensuse-security-announce/2011-09/msg00024.html

mail-archives.apache.org/mod_mbox/commons-dev/201108.mbox/%3C4E451B2B.9090108%40apache.org%3E

mail-archives.apache.org/mod_mbox/tomcat-announce/201108.mbox/%3C4E45221D.1020306%40apache.org%3E

marc.info/?l=bugtraq&m=132215163318824&w=2

marc.info/?l=bugtraq&m=133469267822771&w=2

marc.info/?l=bugtraq&m=136485229118404&w=2

marc.info/?l=bugtraq&m=139344343412337&w=2

people.apache.org/~markt/patches/2011-08-12-cve2011-2729-tc5.patch

secunia.com/advisories/46030

secunia.com/advisories/57126

securitytracker.com/id?1025925

svn.apache.org/viewvc?view=revision&revision=1152701

svn.apache.org/viewvc?view=revision&revision=1153379

svn.apache.org/viewvc?view=revision&revision=1153824

tomcat.apache.org/security-5.html

tomcat.apache.org/security-6.html

tomcat.apache.org/security-7.html

www.redhat.com/support/errata/RHSA-2011-1291.html

www.redhat.com/support/errata/RHSA-2011-1292.html

www.securityfocus.com/archive/1/519263/100/0/threaded

www.securityfocus.com/bid/49143

bugzilla.redhat.com/show_bug.cgi?id=730400

exchange.xforce.ibmcloud.com/vulnerabilities/69161

issues.apache.org/jira/browse/DAEMON-214

lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14743

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19450

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

4.3

Confidence

High

EPSS

0.002

Percentile

57.8%

JSON

Related for NVD:CVE-2011-2729

openvas11 nessus10 securityvulns2 fedora2 ubuntu1 cve1 tomcat3 ubuntucve1 prion1 cvelist1 suse1 veracode1 debiancve1 osv1 gentoo1