native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 up to and including 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 up to and including 5.5.33, 6.0.30 up to and including 6.0.32, and 7.0.x prior to 7.0.20 on Linux, does not drop capabilities, which allows remote malicious users to bypass read permissions for files via a request to an application.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
apache tomcat 5.5.32 |
||
apache tomcat 5.5.33 |
||
apache tomcat 6.0.30 |
||
apache tomcat 6.0.31 |
||
apache tomcat 6.0.32 |
||
apache apache_commons_daemon 1.0.3 |
||
apache apache_commons_daemon 1.0.4 |
||
apache apache_commons_daemon 1.0.5 |
||
apache apache_commons_daemon 1.0.6 |
||
apache tomcat 7.0.0 |
||
apache tomcat 7.0.1 |
||
apache tomcat 7.0.2 |
||
apache tomcat 7.0.3 |
||
apache tomcat 7.0.4 |
||
apache tomcat 7.0.5 |
||
apache tomcat 7.0.6 |
||
apache tomcat 7.0.7 |
||
apache tomcat 7.0.8 |
||
apache tomcat 7.0.9 |
||
apache tomcat 7.0.10 |
||
apache tomcat 7.0.11 |
||
apache tomcat 7.0.12 |
||
apache tomcat 7.0.13 |
||
apache tomcat 7.0.14 |
||
apache tomcat 7.0.16 |
||
apache tomcat 7.0.17 |
||
apache tomcat 7.0.19 |
Vulmon