Vulnerability Description
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
CVSS Score
5.0 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Apache Commons Daemon | 1.0.3 |
| Apache | Tomcat | 5.5.32 |
| Linux | Linux Kernel | All versions |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00024.html
- http://mail-archives.apache.org/mod_mbox/commons-dev/201108.mbox/%3C4E451B2B.909
- http://mail-archives.apache.org/mod_mbox/tomcat-announce/201108.mbox/%3C4E45221D
- http://marc.info/?l=bugtraq&m=132215163318824&w=2
- http://marc.info/?l=bugtraq&m=133469267822771&w=2
- http://marc.info/?l=bugtraq&m=136485229118404&w=2
- http://marc.info/?l=bugtraq&m=139344343412337&w=2
- http://people.apache.org/~markt/patches/2011-08-12-cve2011-2729-tc5.patch
- http://secunia.com/advisories/46030
- http://secunia.com/advisories/57126
- http://securitytracker.com/id?1025925
- http://svn.apache.org/viewvc?view=revision&revision=1152701
- http://svn.apache.org/viewvc?view=revision&revision=1153379
- http://svn.apache.org/viewvc?view=revision&revision=1153824
- http://tomcat.apache.org/security-5.html (Vendor Advisory)
FAQ
What is CVE-2011-2729?
CVE-2011-2729 is a vulnerability with a CVSS score of 5.0 (MEDIUM). native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on ...
How severe is CVE-2011-2729?
CVE-2011-2729 has been rated MEDIUM with a CVSS base score of 5.0/10. See the CVSS score above for the severity rating.
Is there a patch for CVE-2011-2729?
Check the references section above for vendor advisories and patch information. Affected products include Apache Commons Daemon, Apache Tomcat, and the Linux kernel.