Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
tomcatApache TomcatTOMCAT:0CCB6AABA904855BA739BBD3E04B3907
HistoryAug 11, 2011 - 12:00 a.m.

Fixed in Apache Tomcat 7.0.20

2011-08-1100:00:00
Apache Tomcat
tomcat.apache.org
15

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

57.4%

JSON

Important: Information disclosure CVE-2011-2729

Due to a bug in the capabilities code, jsvc (the service wrapper for Linux that is part of the Commons Daemon project) does not drop capabilities allowing the application to access files and directories owned by superuser. This vulnerability only occurs when all of the following are true:

  • Tomcat is running on a Linux operating system
  • jsvc was compiled with libcap
  • -user parameter is used

Affected Tomcat versions shipped with source files for jsvc that included this vulnerability.

This was fixed in revision 1153379.

This was identified by Wilfried Weissmann on 20 July 2011 and made public on 12 August 2011.

Affects: 7.0.0-7.0.19

CPENameOperatorVersion
apache tomcatge7.0.0
apache tomcatle7.0.19

Related

nessus 10
openvas 11
securityvulns 2
cve 1
fedora 2
ubuntu 1
prion 1
ubuntucve 1
suse 1
veracode 1
debiancve 1
tomcat 2
gentoo 1
nessus
nessus
openSUSE Security Update : jakarta-commons-daemon (openSUSE-SU-2011:1062-1)
2014-06-13 00:00:00
Fedora 16 : apache-commons-daemon-1.0.7-1.fc16 (2011-10880)
2011-08-24 00:00:00
Ubuntu 11.04 / 11.10 : commons-daemon vulnerability (USN-1298-1)
2011-12-13 00:00:00
openvas
openvas
Fedora Update for apache-commons-daemon FEDORA-2011-10880
2012-04-02 00:00:00
Ubuntu: Security Advisory (USN-1298-1)
2011-12-16 00:00:00
Fedora Update for apache-commons-daemon FEDORA-2011-10936
2011-08-31 00:00:00
securityvulns
securityvulns
[SECURITY] CVE-2011-2729: Commons Daemon fails to drop capabilities (Apache Tomcat)
2011-08-17 00:00:00
Apache Tomcat security vulnerabilities
2011-08-17 00:00:00
cve
cve
CVE-2011-2729
2011-08-15 21:55:00
fedora
fedora
[SECURITY] Fedora 15 Update: apache-commons-daemon-1.0.7-1.fc15
2011-08-26 19:04:45
[SECURITY] Fedora 16 Update: apache-commons-daemon-1.0.7-1.fc16
2011-08-23 20:23:41
ubuntu
ubuntu
Apache Commons Daemon vulnerability
2011-12-12 00:00:00
prion
prion
Authentication flaw
2011-08-15 21:55:00
ubuntucve
ubuntucve
CVE-2011-2729
2011-08-15 00:00:00
suse
suse
jakarta-commons-daemon (important)
2011-09-23 13:08:20
veracode
veracode
Privilege Escalation
2019-03-25 08:40:43
debiancve
debiancve
CVE-2011-2729
2011-08-15 21:55:00
tomcat
tomcat
Fixed in Apache Tomcat 6.0.33
2011-08-18 00:00:00
Fixed in Apache Tomcat 5.5.34
2011-09-22 00:00:00
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2012-06-24 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

57.4%

JSON
Related for TOMCAT:0CCB6AABA904855BA739BBD3E04B3907
nessus10openvas11securityvulns2cve1fedora2ubuntu1prion1ubuntucve1suse1veracode1debiancve1tomcat2gentoo1