5

CVE-2011-2729

EPSS 8.78%
Veröffentlicht 15.08.2011 21:55:02
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 33

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Tomcat Version5.5.32

   Apache ≫ Apache Commons Daemon Version1.0.3
   Apache ≫ Apache Commons Daemon Version1.0.4
   Apache ≫ Apache Commons Daemon Version1.0.5
   Apache ≫ Apache Commons Daemon Version1.0.6
   Linux ≫ Linux Kernel

Apache ≫ Tomcat Version5.5.33

   Apache ≫ Apache Commons Daemon Version1.0.3
   Apache ≫ Apache Commons Daemon Version1.0.4
   Apache ≫ Apache Commons Daemon Version1.0.5
   Apache ≫ Apache Commons Daemon Version1.0.6
   Linux ≫ Linux Kernel

Apache ≫ Tomcat Version6.0.30

   Apache ≫ Apache Commons Daemon Version1.0.3
   Apache ≫ Apache Commons Daemon Version1.0.4
   Apache ≫ Apache Commons Daemon Version1.0.5
   Apache ≫ Apache Commons Daemon Version1.0.6
   Linux ≫ Linux Kernel

Apache ≫ Tomcat Version6.0.31

   Apache ≫ Apache Commons Daemon Version1.0.3
   Apache ≫ Apache Commons Daemon Version1.0.4
   Apache ≫ Apache Commons Daemon Version1.0.5
   Apache ≫ Apache Commons Daemon Version1.0.6
   Linux ≫ Linux Kernel

Apache ≫ Tomcat Version6.0.32

   Apache ≫ Apache Commons Daemon Version1.0.3
   Apache ≫ Apache Commons Daemon Version1.0.4
   Apache ≫ Apache Commons Daemon Version1.0.5
   Apache ≫ Apache Commons Daemon Version1.0.6
   Linux ≫ Linux Kernel

Apache ≫ Apache Commons Daemon Version1.0.3

Linux ≫ Linux Kernel

Apache ≫ Apache Commons Daemon Version1.0.4

Linux ≫ Linux Kernel

Apache ≫ Apache Commons Daemon Version1.0.5

Linux ≫ Linux Kernel

Apache ≫ Apache Commons Daemon Version1.0.6

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.0

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.0 Updatebeta

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.1

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.2

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.3

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.4

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.5

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.6

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.7

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.8

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.9

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.10

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.11

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.12

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.13

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.14

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.16

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.17

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.19

Linux ≫ Linux Kernel

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	8.78%	0.916

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

http://tomcat.apache.org/security-5.html

Vendor Advisory

http://tomcat.apache.org/security-6.html

Vendor Advisory

https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

http://marc.info/?l=bugtraq&m=139344343412337&w=2

http://secunia.com/advisories/57126

http://marc.info/?l=bugtraq&m=133469267822771&w=2

http://marc.info/?l=bugtraq&m=136485229118404&w=2

http://tomcat.apache.org/security-7.html

Vendor Advisory

http://marc.info/?l=bugtraq&m=132215163318824&w=2

http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00024.html

http://mail-archives.apache.org/mod_mbox/commons-dev/201108.mbox/%3C4E451B2B.9090108%40apache.org%3E

http://mail-archives.apache.org/mod_mbox/tomcat-announce/201108.mbox/%3C4E45221D.1020306%40apache.org%3E

http://people.apache.org/~markt/patches/2011-08-12-cve2011-2729-tc5.patch

http://secunia.com/advisories/46030

http://securitytracker.com/id?1025925

http://svn.apache.org/viewvc?view=revision&revision=1152701

http://svn.apache.org/viewvc?view=revision&revision=1153379

http://svn.apache.org/viewvc?view=revision&revision=1153824

http://www.redhat.com/support/errata/RHSA-2011-1291.html

http://www.redhat.com/support/errata/RHSA-2011-1292.html

http://www.securityfocus.com/archive/1/519263/100/0/threaded

http://www.securityfocus.com/bid/49143

https://bugzilla.redhat.com/show_bug.cgi?id=730400

https://exchange.xforce.ibmcloud.com/vulnerabilities/69161

https://issues.apache.org/jira/browse/DAEMON-214

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14743

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19450

https://nvd.nist.gov/vuln/detail/CVE-2011-2729

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-2729

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-2729

EUVD