Lucene search

PRIOn knowledge basePRION:CVE-2011-2729

HistoryAug 15, 2011 - 9:55 p.m.

Authentication flaw

2011-08-1521:55:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

56.9%

JSON

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.

CPENameOperatorVersion
apache_commons_daemoneq1.0.3
apache_commons_daemoneq1.0.4
apache_commons_daemoneq1.0.5
apache_commons_daemoneq1.0.6
tomcateq5.5.32
tomcateq5.5.33
tomcateq6.0.30
tomcateq6.0.31
tomcateq6.0.32
tomcateq7.0.0

Name	Operator	Version
apache_commons_daemon	eq	1.0.3
apache_commons_daemon	eq	1.0.4
apache_commons_daemon	eq	1.0.5
apache_commons_daemon	eq	1.0.6
tomcat	eq	5.5.32
tomcat	eq	5.5.33
tomcat	eq	6.0.30
tomcat	eq	6.0.31
tomcat	eq	6.0.32
tomcat	eq	7.0.0

Rows per page:

1-10 of 281

References

lists.opensuse.org/opensuse-security-announce/2011-09/msg00024.html

mail-archives.apache.org/mod_mbox/commons-dev/201108.mbox/%3C4E451B2B.9090108%40apache.org%3E

mail-archives.apache.org/mod_mbox/tomcat-announce/201108.mbox/%3C4E45221D.1020306%40apache.org%3E

people.apache.org/~markt/patches/2011-08-12-cve2011-2729-tc5.patch

secunia.com/advisories/46030

secunia.com/advisories/57126

securitytracker.com/id?1025925

svn.apache.org/viewvc?view=revision&revision=1152701

svn.apache.org/viewvc?view=revision&revision=1153379

svn.apache.org/viewvc?view=revision&revision=1153824

tomcat.apache.org/security-5.html

tomcat.apache.org/security-6.html

tomcat.apache.org/security-7.html

www.redhat.com/support/errata/RHSA-2011-1291.html

www.redhat.com/support/errata/RHSA-2011-1292.html

www.securityfocus.com/archive/1/519263/100/0/threaded

www.securityfocus.com/bid/49143

bugzilla.redhat.com/show_bug.cgi?id=730400

exchange.xforce.ibmcloud.com/vulnerabilities/69161

issues.apache.org/jira/browse/DAEMON-214

lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

marc.info/?l=bugtraq&m=132215163318824&w=2

marc.info/?l=bugtraq&m=133469267822771&w=2

marc.info/?l=bugtraq&m=136485229118404&w=2

marc.info/?l=bugtraq&m=139344343412337&w=2

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14743

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19450

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

56.9%

JSON

Related for PRION:CVE-2011-2729