Lucene search
Ubuntu.comUB:CVE-2011-2729HistoryAug 15, 2011 - 12:00 a.m.
CVE-2011-2729
2011-08-1500:00:00
ubuntu.com
ubuntu.com
10
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
57.3%
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3
through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through
5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not
drop capabilities, which allows remote attackers to bypass read permissions
for files via a request to an application.
Bugs
- <https://issues.apache.org/jira/browse/DAEMON-214>
- <https://bugzilla.redhat.com/show_bug.cgi?id=730400>
Notes
| Author | Note |
|---|---|
| mdeslaur | tomcat isn’t built with commons |
| jdstrand | according to upstream, needs to be built with libcap to be affected. Only Ubuntu 11.04 and later are built with libcap. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 11.04 | noarch | commons-daemon | < 1.0.4-1ubuntu0.1 | UNKNOWN |
| ubuntu | 11.10 | noarch | commons-daemon | < 1.0.6-1ubuntu0.1 | UNKNOWN |
References
Related
openvas
openvas
Fedora Update for apache-commons-daemon FEDORA-2011-10936
2011-08-31 00:00:00
Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
2011-08-17 00:00:00
Fedora Update for apache-commons-daemon FEDORA-2011-10880
2012-04-02 00:00:00
cve
cve
CVE-2011-2729
2011-08-15 21:55:00
tomcat
tomcat
Fixed in Apache Tomcat 7.0.20
2011-08-11 00:00:00
Fixed in Apache Tomcat 6.0.33
2011-08-18 00:00:00
Fixed in Apache Tomcat 5.5.34
2011-09-22 00:00:00
nessus
nessus
Fedora 16 : apache-commons-daemon-1.0.7-1.fc16 (2011-10880)
2011-08-24 00:00:00
Ubuntu 11.04 / 11.10 : commons-daemon vulnerability (USN-1298-1)
2011-12-13 00:00:00
openSUSE Security Update : jakarta-commons-daemon (openSUSE-SU-2011:1062-1)
2014-06-13 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: apache-commons-daemon-1.0.7-1.fc15
2011-08-26 19:04:45
[SECURITY] Fedora 16 Update: apache-commons-daemon-1.0.7-1.fc16
2011-08-23 20:23:41
ubuntu
ubuntu
Apache Commons Daemon vulnerability
2011-12-12 00:00:00
prion
prion
Authentication flaw
2011-08-15 21:55:00
securityvulns
securityvulns
[SECURITY] CVE-2011-2729: Commons Daemon fails to drop capabilities (Apache Tomcat)
2011-08-17 00:00:00
Apache Tomcat security vulnerabilities
2011-08-17 00:00:00
suse
suse
jakarta-commons-daemon (important)
2011-09-23 13:08:20
veracode
veracode
Privilege Escalation
2019-03-25 08:40:43
debiancve
debiancve
CVE-2011-2729
2011-08-15 21:55:00
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2012-06-24 00:00:00
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
57.3%
Related for UB:CVE-2011-2729