CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence: High
EPSS
Percentile: 57.8%
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
Vendor | Product | Version | CPE |
---|---|---|---|
apache | apache_commons_daemon | 1.0.3 | cpe:2.3:a:apache:apache_commons_daemon:1.0.3:*:*:*:*:*:*:* |
apache | apache_commons_daemon | 1.0.4 | cpe:2.3:a:apache:apache_commons_daemon:1.0.4:*:*:*:*:*:*:* |
apache | apache_commons_daemon | 1.0.5 | cpe:2.3:a:apache:apache_commons_daemon:1.0.5:*:*:*:*:*:*:* |
apache | apache_commons_daemon | 1.0.6 | cpe:2.3:a:apache:apache_commons_daemon:1.0.6:*:*:*:*:*:*:* |
apache | tomcat | 5.5.32 | cpe:2.3:a:apache:tomcat:5.5.32:*:*:*:*:*:*:* |
apache | tomcat | 5.5.33 | cpe:2.3:a:apache:tomcat:5.5.33:*:*:*:*:*:*:* |
linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
apache | tomcat | 6.0.30 | cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:* |
apache | tomcat | 6.0.31 | cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:* |
apache | tomcat | 6.0.32 | cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:* |
lists.opensuse.org/opensuse-security-announce/2011-09/msg00024.html
mail-archives.apache.org/mod_mbox/commons-dev/201108.mbox/%3C4E451B2B.9090108%40apache.org%3E
mail-archives.apache.org/mod_mbox/tomcat-announce/201108.mbox/%3C4E45221D.1020306%40apache.org%3E
marc.info/?l=bugtraq&m=132215163318824&w=2
marc.info/?l=bugtraq&m=133469267822771&w=2
marc.info/?l=bugtraq&m=136485229118404&w=2
marc.info/?l=bugtraq&m=139344343412337&w=2
people.apache.org/~markt/patches/2011-08-12-cve2011-2729-tc5.patch
secunia.com/advisories/46030
secunia.com/advisories/57126
securitytracker.com/id?1025925
svn.apache.org/viewvc?view=revision&revision=1152701
svn.apache.org/viewvc?view=revision&revision=1153379
svn.apache.org/viewvc?view=revision&revision=1153824
tomcat.apache.org/security-5.html
tomcat.apache.org/security-6.html
tomcat.apache.org/security-7.html
www.redhat.com/support/errata/RHSA-2011-1291.html
www.redhat.com/support/errata/RHSA-2011-1292.html
www.securityfocus.com/archive/1/519263/100/0/threaded
www.securityfocus.com/bid/49143
bugzilla.redhat.com/show_bug.cgi?id=730400
exchange.xforce.ibmcloud.com/vulnerabilities/69161
issues.apache.org/jira/browse/DAEMON-214
lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14743
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19450