5

CVE-2011-2729

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheTomcat Version5.5.32
   ApacheApache Commons Daemon Version1.0.3
   ApacheApache Commons Daemon Version1.0.4
   ApacheApache Commons Daemon Version1.0.5
   ApacheApache Commons Daemon Version1.0.6
   LinuxLinux Kernel
ApacheTomcat Version5.5.33
   ApacheApache Commons Daemon Version1.0.3
   ApacheApache Commons Daemon Version1.0.4
   ApacheApache Commons Daemon Version1.0.5
   ApacheApache Commons Daemon Version1.0.6
   LinuxLinux Kernel
ApacheTomcat Version6.0.30
   ApacheApache Commons Daemon Version1.0.3
   ApacheApache Commons Daemon Version1.0.4
   ApacheApache Commons Daemon Version1.0.5
   ApacheApache Commons Daemon Version1.0.6
   LinuxLinux Kernel
ApacheTomcat Version6.0.31
   ApacheApache Commons Daemon Version1.0.3
   ApacheApache Commons Daemon Version1.0.4
   ApacheApache Commons Daemon Version1.0.5
   ApacheApache Commons Daemon Version1.0.6
   LinuxLinux Kernel
ApacheTomcat Version6.0.32
   ApacheApache Commons Daemon Version1.0.3
   ApacheApache Commons Daemon Version1.0.4
   ApacheApache Commons Daemon Version1.0.5
   ApacheApache Commons Daemon Version1.0.6
   LinuxLinux Kernel
ApacheApache Commons Daemon Version1.0.3
   LinuxLinux Kernel
ApacheApache Commons Daemon Version1.0.4
   LinuxLinux Kernel
ApacheApache Commons Daemon Version1.0.5
   LinuxLinux Kernel
ApacheApache Commons Daemon Version1.0.6
   LinuxLinux Kernel
ApacheTomcat Version7.0.0
   LinuxLinux Kernel
ApacheTomcat Version7.0.0 Updatebeta
   LinuxLinux Kernel
ApacheTomcat Version7.0.1
   LinuxLinux Kernel
ApacheTomcat Version7.0.2
   LinuxLinux Kernel
ApacheTomcat Version7.0.3
   LinuxLinux Kernel
ApacheTomcat Version7.0.4
   LinuxLinux Kernel
ApacheTomcat Version7.0.5
   LinuxLinux Kernel
ApacheTomcat Version7.0.6
   LinuxLinux Kernel
ApacheTomcat Version7.0.7
   LinuxLinux Kernel
ApacheTomcat Version7.0.8
   LinuxLinux Kernel
ApacheTomcat Version7.0.9
   LinuxLinux Kernel
ApacheTomcat Version7.0.10
   LinuxLinux Kernel
ApacheTomcat Version7.0.11
   LinuxLinux Kernel
ApacheTomcat Version7.0.12
   LinuxLinux Kernel
ApacheTomcat Version7.0.13
   LinuxLinux Kernel
ApacheTomcat Version7.0.14
   LinuxLinux Kernel
ApacheTomcat Version7.0.16
   LinuxLinux Kernel
ApacheTomcat Version7.0.17
   LinuxLinux Kernel
ApacheTomcat Version7.0.19
   LinuxLinux Kernel
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.24% 0.935
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://tomcat.apache.org/security-5.html
Vendor Advisory
http://tomcat.apache.org/security-6.html
Vendor Advisory
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://secunia.com/advisories/57126
http://marc.info/?l=bugtraq&m=133469267822771&w=2
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://tomcat.apache.org/security-7.html
Vendor Advisory
http://marc.info/?l=bugtraq&m=132215163318824&w=2
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00024.html
http://mail-archives.apache.org/mod_mbox/commons-dev/201108.mbox/%3C4E451B2B.9090108%40apache.org%3E
http://mail-archives.apache.org/mod_mbox/tomcat-announce/201108.mbox/%3C4E45221D.1020306%40apache.org%3E
http://people.apache.org/~markt/patches/2011-08-12-cve2011-2729-tc5.patch
http://secunia.com/advisories/46030
http://securitytracker.com/id?1025925
http://svn.apache.org/viewvc?view=revision&revision=1152701
http://svn.apache.org/viewvc?view=revision&revision=1153379
http://svn.apache.org/viewvc?view=revision&revision=1153824
http://www.redhat.com/support/errata/RHSA-2011-1291.html
http://www.redhat.com/support/errata/RHSA-2011-1292.html
http://www.securityfocus.com/archive/1/519263/100/0/threaded
http://www.securityfocus.com/bid/49143
https://bugzilla.redhat.com/show_bug.cgi?id=730400
https://exchange.xforce.ibmcloud.com/vulnerabilities/69161
https://issues.apache.org/jira/browse/DAEMON-214
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14743
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19450