Apache Tomcat 6.0.x < 6.0.33 Multiple Vulnerabilities - Linux

Apache Tomcat is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE Security Update : jakarta-commons-daemon (openSUSE-SU-2011:1062-1)

jsvc did not properly drop capabilities, therefore allowing applications to access files owned by the super user CVE-2011-2729. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

Gentoo Security Advisory GLSA 201206-24 (apache tomcat)

The remote host is missing updates announced in advisory GLSA 201206-24. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

jakarta-commons-daemon (important)

jsvc did not properly drop capabilities, therefore allowing applications to access files owned by the super user CVE-2011-2729...

Important: Red Hat Security Advisory: jakarta-commons-daemon-jsvc security update

An updated jakarta-commons-daemon-jsvc package that fixes one security issue is now available for JBoss Enterprise Web Server 1.0 for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVS...

Fedora Update for apache-commons-daemon FEDORA-2011-10936

Check for the Version of apache-commons-daemon OpenVAS Vulnerability Test Fedora Update for apache-commons-daemon FEDORA-2011-10936 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

Fedora Update for apache-commons-daemon FEDORA-2011-10936

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora 15 : apache-commons-daemon-1.0.7-1.fc15 (2011-10936)

This update fixes several bugs and also security issue CVE-2011-2729. Users are encouraged to update as soon as possible. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and...

Fedora 16 : apache-commons-daemon-1.0.7-1.fc16 (2011-10880)

This update fixes several bugs and also security issue CVE-2011-2729. Users are encouraged to update as soon as possible. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and...

CVE-2011-2729

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for...

Fixed in Apache Tomcat 7.0.20

Important: Information disclosure CVE-2011-2729 Due to a bug in the capabilities code, jsvc the service wrapper for Linux that is part of the Commons Daemon project does not drop capabilities allowing the application to access files and directories owned by superuser. This vulnerability only occu...