5
CVSSv2

CVE-2011-2729

Published: 15/08/2011 Updated: 13/02/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 up to and including 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 up to and including 5.5.33, 6.0.30 up to and including 6.0.32, and 7.0.x prior to 7.0.20 on Linux, does not drop capabilities, which allows remote malicious users to bypass read permissions for files via a request to an application.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache tomcat 5.5.32

apache tomcat 5.5.33

apache tomcat 6.0.30

apache tomcat 6.0.31

apache tomcat 6.0.32

apache apache_commons_daemon 1.0.3

apache apache_commons_daemon 1.0.4

apache apache_commons_daemon 1.0.5

apache apache_commons_daemon 1.0.6

apache tomcat 7.0.0

apache tomcat 7.0.1

apache tomcat 7.0.2

apache tomcat 7.0.3

apache tomcat 7.0.4

apache tomcat 7.0.5

apache tomcat 7.0.6

apache tomcat 7.0.7

apache tomcat 7.0.8

apache tomcat 7.0.9

apache tomcat 7.0.10

apache tomcat 7.0.11

apache tomcat 7.0.12

apache tomcat 7.0.13

apache tomcat 7.0.14

apache tomcat 7.0.16

apache tomcat 7.0.17

apache tomcat 7.0.19

Vendor Advisories

Apache Commons Daemon would allow unintended access to files over the network ...
IntelligenceCenter uses a version of Tomcat that has several publicly documented vulnerabilities The most severe vulnerability allows an attacker to mount a denial of service attack or to obtain sensitive information by using a specially crafted header ...

References

CWE-264http://tomcat.apache.org/security-7.htmlhttps://issues.apache.org/jira/browse/DAEMON-214http://tomcat.apache.org/security-5.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=730400http://people.apache.org/~markt/patches/2011-08-12-cve2011-2729-tc5.patchhttp://svn.apache.org/viewvc?view=revision&revision=1153379http://tomcat.apache.org/security-6.htmlhttp://svn.apache.org/viewvc?view=revision&revision=1152701http://www.securityfocus.com/bid/49143http://securitytracker.com/id?1025925http://svn.apache.org/viewvc?view=revision&revision=1153824http://www.redhat.com/support/errata/RHSA-2011-1291.htmlhttp://secunia.com/advisories/46030http://www.redhat.com/support/errata/RHSA-2011-1292.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-09/msg00024.htmlhttp://marc.info/?l=bugtraq&m=132215163318824&w=2http://marc.info/?l=bugtraq&m=136485229118404&w=2http://marc.info/?l=bugtraq&m=139344343412337&w=2http://secunia.com/advisories/57126http://marc.info/?l=bugtraq&m=133469267822771&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/69161https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19450https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14743http://www.securityfocus.com/archive/1/519263/100/0/threadedhttp://mail-archives.apache.org/mod_mbox/commons-dev/201108.mbox/%3C4E451B2B.9090108%40apache.org%3Ehttps://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3Ehttp://mail-archives.apache.org/mod_mbox/tomcat-announce/201108.mbox/%3C4E45221D.1020306%40apache.org%3Ehttp://tools.cisco.com/security/center/viewAlert.x?alertId=23898https://usn.ubuntu.com/1298-1/https://nvd.nist.gov