5

CVE-2011-2729

EPSS 8.78%
Published 15.08.2011 21:55:02
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.

Affected products Warnungen 0 Metrics 2 CWE 0 References 33

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Tomcat Version5.5.32

   Apache ≫ Apache Commons Daemon Version1.0.3
   Apache ≫ Apache Commons Daemon Version1.0.4
   Apache ≫ Apache Commons Daemon Version1.0.5
   Apache ≫ Apache Commons Daemon Version1.0.6
   Linux ≫ Linux Kernel

Apache ≫ Tomcat Version5.5.33

   Apache ≫ Apache Commons Daemon Version1.0.3
   Apache ≫ Apache Commons Daemon Version1.0.4
   Apache ≫ Apache Commons Daemon Version1.0.5
   Apache ≫ Apache Commons Daemon Version1.0.6
   Linux ≫ Linux Kernel

Apache ≫ Tomcat Version6.0.30

   Apache ≫ Apache Commons Daemon Version1.0.3
   Apache ≫ Apache Commons Daemon Version1.0.4
   Apache ≫ Apache Commons Daemon Version1.0.5
   Apache ≫ Apache Commons Daemon Version1.0.6
   Linux ≫ Linux Kernel

Apache ≫ Tomcat Version6.0.31

   Apache ≫ Apache Commons Daemon Version1.0.3
   Apache ≫ Apache Commons Daemon Version1.0.4
   Apache ≫ Apache Commons Daemon Version1.0.5
   Apache ≫ Apache Commons Daemon Version1.0.6
   Linux ≫ Linux Kernel

Apache ≫ Tomcat Version6.0.32

   Apache ≫ Apache Commons Daemon Version1.0.3
   Apache ≫ Apache Commons Daemon Version1.0.4
   Apache ≫ Apache Commons Daemon Version1.0.5
   Apache ≫ Apache Commons Daemon Version1.0.6
   Linux ≫ Linux Kernel

Apache ≫ Apache Commons Daemon Version1.0.3

Linux ≫ Linux Kernel

Apache ≫ Apache Commons Daemon Version1.0.4

Linux ≫ Linux Kernel

Apache ≫ Apache Commons Daemon Version1.0.5

Linux ≫ Linux Kernel

Apache ≫ Apache Commons Daemon Version1.0.6

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.0

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.0 Updatebeta

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.1

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.2

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.3

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.4

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.5

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.6

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.7

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.8

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.9

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.10

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.11

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.12

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.13

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.14

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.16

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.17

Linux ≫ Linux Kernel

Apache ≫ Tomcat Version7.0.19

Linux ≫ Linux Kernel

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	8.78%	0.916

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

http://tomcat.apache.org/security-5.html

Vendor Advisory

http://tomcat.apache.org/security-6.html

Vendor Advisory

https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

http://marc.info/?l=bugtraq&m=139344343412337&w=2

http://secunia.com/advisories/57126

http://marc.info/?l=bugtraq&m=133469267822771&w=2

http://marc.info/?l=bugtraq&m=136485229118404&w=2

http://tomcat.apache.org/security-7.html

Vendor Advisory

http://marc.info/?l=bugtraq&m=132215163318824&w=2

http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00024.html

http://mail-archives.apache.org/mod_mbox/commons-dev/201108.mbox/%3C4E451B2B.9090108%40apache.org%3E

http://mail-archives.apache.org/mod_mbox/tomcat-announce/201108.mbox/%3C4E45221D.1020306%40apache.org%3E

http://people.apache.org/~markt/patches/2011-08-12-cve2011-2729-tc5.patch

http://secunia.com/advisories/46030

http://securitytracker.com/id?1025925

http://svn.apache.org/viewvc?view=revision&revision=1152701

http://svn.apache.org/viewvc?view=revision&revision=1153379

http://svn.apache.org/viewvc?view=revision&revision=1153824

http://www.redhat.com/support/errata/RHSA-2011-1291.html

http://www.redhat.com/support/errata/RHSA-2011-1292.html

http://www.securityfocus.com/archive/1/519263/100/0/threaded

http://www.securityfocus.com/bid/49143

https://bugzilla.redhat.com/show_bug.cgi?id=730400

https://exchange.xforce.ibmcloud.com/vulnerabilities/69161

https://issues.apache.org/jira/browse/DAEMON-214

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14743

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19450

https://nvd.nist.gov/vuln/detail/CVE-2011-2729

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-2729

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-2729

EUVD