native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 up to and including 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 up to and including 5.5.33, 6.0.30 up to and including 6.0.32, and 7.0.x prior to 7.0.20 on Linux, does not drop capabilities, which allows remote malicious users to bypass read permissions for files via a request to an application.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache tomcat 5.5.32 |
||
apache tomcat 5.5.33 |
||
apache tomcat 6.0.30 |
||
apache tomcat 6.0.31 |
||
apache tomcat 6.0.32 |
||
apache apache commons daemon 1.0.3 |
||
apache apache commons daemon 1.0.4 |
||
apache apache commons daemon 1.0.5 |
||
apache apache commons daemon 1.0.6 |
||
apache tomcat 7.0.0 |
||
apache tomcat 7.0.1 |
||
apache tomcat 7.0.2 |
||
apache tomcat 7.0.3 |
||
apache tomcat 7.0.4 |
||
apache tomcat 7.0.5 |
||
apache tomcat 7.0.6 |
||
apache tomcat 7.0.7 |
||
apache tomcat 7.0.8 |
||
apache tomcat 7.0.9 |
||
apache tomcat 7.0.10 |
||
apache tomcat 7.0.11 |
||
apache tomcat 7.0.12 |
||
apache tomcat 7.0.13 |
||
apache tomcat 7.0.14 |
||
apache tomcat 7.0.16 |
||
apache tomcat 7.0.17 |
||
apache tomcat 7.0.19 |