
21 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2011-2707

Malware in sbrugna...

CVSS 5 | AI score 4.4 | EPSS 0.08784
Exploits 0 | References 34

OSV
added 2024/09/15 7:24 p.m. | 14 views

RHSA-2011:1292 Red Hat Security Advisory: jakarta-commons-daemon-jsvc security update

Bulletin has no description...

CVSS 5 | AI score 4.1 | EPSS 0.08784
Exploits 0 | References 7

OpenVAS
added 2023/04/17 12:0 a.m. | 28 views

Mageia: Security Advisory (MGASA-2023-0138)

The remote host is missing an update for the...

CVSS 7.5 | AI score 7 | EPSS 0.93464
Exploits 21 | References 14

OSV
added 2023/04/15 7:3 p.m. | 14 views

MGASA-2023-0138 Updated tomcat packages fix security vulnerability

Information disclosure due to concurrency bug (CVE-2021-43980). Fix for CVE-2020-9484 introduced a time of check, time of use vulnerability (CVE-2022-23181). Correct documentation to warn of use over untrusted networks (CVE-2022-29885). Correct documentation showing use of XSS vulnerability. CVE-2022-343...

CVSS 7.5 | AI score 6.2 | EPSS 0.55532
Exploits 21 | References 13

SUSE CVE
added 2023/02/15 5:52 a.m. | 1 view

SUSE CVE-2011-2729

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for...

CVSS 5 | AI score 7 | EPSS 0.08784
Exploits 0 | References 5

Tenable Nessus
added 2011/09/26 12:0 a.m. | 44 views

Apache Tomcat 5.5.x < 5.5.34 Multiple Vulnerabilities

According to its self-reported version number, the instance of Apache Tomcat 5.5.x listening on the remote host is prior to 5.5.34. It is, therefore, affected by multiple vulnerabilities : - Several weaknesses were found in the HTTP Digest authentication implementation. The issues are as follows:...

CVSS 7.5 | AI score 6.1 | EPSS 0.08784
Exploits 2 | References 9

Apache Tomcat
added 2011/09/22 12:0 a.m. | 52 views

Fixed in Apache Tomcat 5.5.34

Moderate: Multiple weaknesses in HTTP DIGEST authentication CVE-2011-1184 Note: Mitre elected to break this issue down into multiple issues and have allocated the following additional references to parts of this issue: CVE-2011-5062, CVE-2011-5063 and CVE-2011-5064. The Apache Tomcat security tea...

CVSS 7.5 | AI score 6.6 | EPSS 0.08784
Exploits 2 | Affected Software 1

RedHat Linux
added 2011/09/14 6:43 p.m. | 1 view

jakarta-commons-daemon: jsvc does not drop capabilities allowing access to files and directories owned by the superuser

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for...

CVSS 5 | AI score 5.8 | EPSS 0.08784
Exploits 0 | References 4

RedHat Linux
added 2011/09/14 6:42 p.m. | 2 views

Important: Red Hat Security Advisory: jakarta-commons-daemon-jsvc security update

A jsvc update for JBoss Enterprise Web Server 1.0.2 on Red Hat Enterprise Linux 4 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CV...

CVSS 5 | AI score 5.7 | EPSS 0.08784
Exploits 0 | References 3

Tenable Nessus
added 2011/08/30 12:0 a.m. | 49 views

Apache Tomcat 6.0.x < 6.0.33 Multiple Vulnerabilities

According to its self-reported version number, the instance of Apache Tomcat 6.0.x listening on the remote host is prior to 6.0.33. It is, therefore, affected by multiple vulnerabilities : - Several weaknesses were found in the HTTP Digest authentication implementation. The issues are as follows:...

CVSS 5 | AI score 5.8 | EPSS 0.08784
Exploits 1 | References 9

Tenable Nessus
added 2011/08/30 12:0 a.m. | 19 views

Apache Tomcat 6.0.x < 6.0.33 Multiple Vulnerabilities

Binary data 800602.prm...

CVSS 5 | AI score 5.1 | EPSS 0.08784
Exploits 1 | References 5

Apache Tomcat
added 2011/08/18 12:0 a.m. | 60 views

Fixed in Apache Tomcat 6.0.33

Moderate: Multiple weaknesses in HTTP DIGEST authentication CVE-2011-1184 Note: Mitre elected to break this issue down into multiple issues and have allocated the following additional references to parts of this issue: CVE-2011-5062, CVE-2011-5063 and CVE-2011-5064. The Apache Tomcat security tea...

CVSS 5 | AI score 5.4 | EPSS 0.08784
Exploits 1 | Affected Software 1

OpenVAS
added 2011/08/17 12:0 a.m. | 63 views

Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability

Apache Commons Daemon is prone to a remote information-disclosure vulnerability that affects the...

CVSS 5 | AI score 4.2 | EPSS 0.08784
Exploits 0 | References 7

securityvulns
added 2011/08/17 12:0 a.m. | 102 views

[SECURITY] CVE-2011-2729: Commons Daemon fails to drop capabilities (Apache Tomcat)

CVE-2011-2729: Commons Daemon fails to drop capabilities Apache Tomcat Severity: Important Vendor: The Apache Software Foundation Versions Affected: Tomcat 7.0.0 to 7.0.19 Tomcat 6.0.30 to 6.0.32 Tomcat 5.5.32 to 5.5.33 Description: Due to a bug in the capabilities code, jsvc the service wrapper...

CVSS 5 | AI score 1.8 | EPSS 0.08784
Exploits 0

seebug.org
added 2011/08/17 12:0 a.m. | 48 views

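Apache Tomcat Information Disclosure Vulnerability (CVE-2011-2481)

BUGTRAQ ID: 49147 CVE ID: CVE-2011-2481 Tomcat is a Servlet container developed by the Jakarta project under the Apache Software Foundation. It implements support for Servlets and JavaServer Pages (JSP) according to the technical specifications provided by Sun Microsystems, and provides some features specific to acting as a web server. Tomcat's implementation has a local information disclosure vulnerability that local attackers can exploit to disclose sensitive information. The vulnerability stems from an error in the Jsvc library, which does not revoke the application's access to files and directories owned by the superuser. Apache Group Tomcat Vendor patch: Apache Group ----------...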

CVSS 4.6 | AI score 5 | EPSS 0.00243
Exploits 2

Tenable Nessus
added 2011/08/16 12:0 a.m. | 10 views

Apache Tomcat 7.0.x < 7.0.20 'jsvc' Information Disclosure

Binary data 6007.pasl...

CVSS 5 | AI score 7.3 | EPSS 0.08784
Exploits 0 | References 2

OSV
added 2011/08/15 9:55 p.m. | 1 view

DEBIAN-CVE-2011-2729

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for...

CVSS 5 | AI score 6.9 | EPSS 0.08784
Exploits 0 | References 1

NVD
added 2011/08/15 9:55 p.m. | 12 views

CVE-2011-2729

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for...

CVSS 5 | AI score 4.3 | EPSS 0.08784
Exploits 0 | References 30

Debian CVE
added 2011/08/15 9:0 p.m. | 23 views

CVE-2011-2729

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for...

CVSS 5 | AI score 4.3 | EPSS 0.08784
Exploits 0

CVE
added 2011/08/15 9:0 p.m. | 86 views

CVE-2011-2729

CVE-2011-2729 affects the Jakarta Commons Daemon jsvc component in Tomcat runtimes (Tomcat 5.5.32–5.5.33, 6.0.30–6.0.32, and 7.0.x before 7.0.20) where jsvc did not properly drop capabilities. This allows a remote attacker to bypass read permissions for files via an application request. The root ...

CVSS 5 | AI score 4.1 | EPSS 0.08784
Exploits 0 | References 30 | Affected Software 1