CVSS2: 5 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.002 Low (Percentile: 57.4%)

Important: Information disclosure CVE-2011-2729
Due to a bug in the capabilities code, jsvc (the service wrapper for Linux that is part of the Commons Daemon project) does not drop capabilities, allowing the application to access files and directories owned by the superuser. This vulnerability only occurs when all of the following are true:
Affected Tomcat versions shipped with source files for jsvc that included this vulnerability.
This was fixed in revision 1153379.
This was identified by Wilfried Weissmann on 20 July 2011 and made public on 12 August 2011.
Affects: 7.0.0-7.0.19
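
A way to check a running daemon for the condition described above, as an added example that is not Tomcat or Commons Daemon code: it reads the `CapPrm` and `CapEff` masks from `/proc/<pid>/status` and reports file-access capabilities still held by a process that no longer runs as root. The function names and the sample status text are constructed for illustration, and only the two capabilities that bypass file permission checks are treated as findings.

```python
# Added example, not Tomcat or Commons Daemon code. Function names are hypothetical.
# Capability bit numbers (linux/capability.h) that bypass file permission checks.
FILE_ACCESS_CAPS = {1: "CAP_DAC_OVERRIDE", 2: "CAP_DAC_READ_SEARCH"}


def parse_status(text):
    """Return (effective UID, {set name: mask}) from /proc/<pid>/status text."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    euid = int(fields["Uid"].split()[1])  # field order: real, effective, saved, fs
    caps = {k: int(fields.get(k, "0"), 16) for k in ("CapPrm", "CapEff")}
    return euid, caps


def retained_file_caps(text):
    """Names of file-access capabilities still held by a non-root process."""
    euid, caps = parse_status(text)
    if euid == 0:
        return []  # still root: holding capabilities is expected
    mask = caps["CapPrm"] | caps["CapEff"]
    return [name for bit, name in sorted(FILE_ACCESS_CAPS.items()) if mask >> bit & 1]


def check_pid(pid):
    """Run the same check against a live process on Linux."""
    with open(f"/proc/{pid}/status") as fh:
        return retained_file_caps(fh.read())


# Constructed samples: a wrapper process that has switched to UID 1001.
STATUS_RETAINED = ("Name:\tjsvc\nUid:\t1001\t1001\t1001\t1001\n"
                   "CapPrm:\t0000000000000406\nCapEff:\t0000000000000406\n")
# Only bit 10 (CAP_NET_BIND_SERVICE) is left: no file-access bypass.
STATUS_DROPPED = ("Name:\tjsvc\nUid:\t1001\t1001\t1001\t1001\n"
                  "CapPrm:\t0000000000000400\nCapEff:\t0000000000000400\n")
# Still running as root, so a non-zero mask is not a finding.
STATUS_ROOT = ("Name:\tjsvc\nUid:\t0\t0\t0\t0\n"
               "CapPrm:\t0000000000000406\nCapEff:\t0000000000000406\n")

if __name__ == "__main__":
    for label, text in (("retained", STATUS_RETAINED),
                        ("dropped", STATUS_DROPPED),
                        ("root", STATUS_ROOT)):
        print(label, retained_file_caps(text) or "ok")
```
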

CPE

Name | Operator | Version |
---|---|---|
apache tomcat | ge | 7.0.0 |
apache tomcat | le | 7.0.19 |