5
CVE-2011-2729
- EPSS 7.24%
- Veröffentlicht 15.08.2011 21:55:02
- Zuletzt bearbeitet 16.06.2026 23:31:53
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apache ≫ Tomcat Version5.5.32
Apache ≫ Apache Commons Daemon Version1.0.3
Apache ≫ Apache Commons Daemon Version1.0.4
Apache ≫ Apache Commons Daemon Version1.0.5
Apache ≫ Apache Commons Daemon Version1.0.6
Linux ≫ Linux Kernel
Apache ≫ Apache Commons Daemon Version1.0.4
Apache ≫ Apache Commons Daemon Version1.0.5
Apache ≫ Apache Commons Daemon Version1.0.6
Linux ≫ Linux Kernel
Apache ≫ Tomcat Version5.5.33
Apache ≫ Apache Commons Daemon Version1.0.3
Apache ≫ Apache Commons Daemon Version1.0.4
Apache ≫ Apache Commons Daemon Version1.0.5
Apache ≫ Apache Commons Daemon Version1.0.6
Linux ≫ Linux Kernel
Apache ≫ Apache Commons Daemon Version1.0.4
Apache ≫ Apache Commons Daemon Version1.0.5
Apache ≫ Apache Commons Daemon Version1.0.6
Linux ≫ Linux Kernel
Apache ≫ Tomcat Version6.0.30
Apache ≫ Apache Commons Daemon Version1.0.3
Apache ≫ Apache Commons Daemon Version1.0.4
Apache ≫ Apache Commons Daemon Version1.0.5
Apache ≫ Apache Commons Daemon Version1.0.6
Linux ≫ Linux Kernel
Apache ≫ Apache Commons Daemon Version1.0.4
Apache ≫ Apache Commons Daemon Version1.0.5
Apache ≫ Apache Commons Daemon Version1.0.6
Linux ≫ Linux Kernel
Apache ≫ Tomcat Version6.0.31
Apache ≫ Apache Commons Daemon Version1.0.3
Apache ≫ Apache Commons Daemon Version1.0.4
Apache ≫ Apache Commons Daemon Version1.0.5
Apache ≫ Apache Commons Daemon Version1.0.6
Linux ≫ Linux Kernel
Apache ≫ Apache Commons Daemon Version1.0.4
Apache ≫ Apache Commons Daemon Version1.0.5
Apache ≫ Apache Commons Daemon Version1.0.6
Linux ≫ Linux Kernel
Apache ≫ Tomcat Version6.0.32
Apache ≫ Apache Commons Daemon Version1.0.3
Apache ≫ Apache Commons Daemon Version1.0.4
Apache ≫ Apache Commons Daemon Version1.0.5
Apache ≫ Apache Commons Daemon Version1.0.6
Linux ≫ Linux Kernel
Apache ≫ Apache Commons Daemon Version1.0.4
Apache ≫ Apache Commons Daemon Version1.0.5
Apache ≫ Apache Commons Daemon Version1.0.6
Linux ≫ Linux Kernel
Apache ≫ Apache Commons Daemon Version1.0.3
Apache ≫ Apache Commons Daemon Version1.0.4
Apache ≫ Apache Commons Daemon Version1.0.5
Apache ≫ Apache Commons Daemon Version1.0.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.24% | 0.935 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://secunia.com/advisories/57126
http://marc.info/?l=bugtraq&m=133469267822771&w=2
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://tomcat.apache.org/security-7.html
http://marc.info/?l=bugtraq&m=132215163318824&w=2
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00024.html
http://mail-archives.apache.org/mod_mbox/commons-dev/201108.mbox/%3C4E451B2B.9090108%40apache.org%3E
http://mail-archives.apache.org/mod_mbox/tomcat-announce/201108.mbox/%3C4E45221D.1020306%40apache.org%3E
http://people.apache.org/~markt/patches/2011-08-12-cve2011-2729-tc5.patch
http://secunia.com/advisories/46030
http://securitytracker.com/id?1025925
http://svn.apache.org/viewvc?view=revision&revision=1152701
http://svn.apache.org/viewvc?view=revision&revision=1153379
http://svn.apache.org/viewvc?view=revision&revision=1153824
http://www.redhat.com/support/errata/RHSA-2011-1291.html
http://www.redhat.com/support/errata/RHSA-2011-1292.html
http://www.securityfocus.com/archive/1/519263/100/0/threaded
http://www.securityfocus.com/bid/49143
https://bugzilla.redhat.com/show_bug.cgi?id=730400
https://exchange.xforce.ibmcloud.com/vulnerabilities/69161
https://issues.apache.org/jira/browse/DAEMON-214
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14743
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19450