Apache Commons Daemon is prone to a remote information-disclosure vulnerability that affects the 'jsvc' library. Remote attackers can exploit this issue to gain access to files and directories owned by the superuser, through applications using the affected library. This allows attackers to obtain sensitive information that may aid in further attacks. Note: This issue affects applications running on Linux operating systems only. Versions prior to Commons Daemon 1.0.7 are vulnerable. The following Apache Tomcat versions which use the affected library are vulnerable: Tomcat 7.0.0 through 7.0.19 Tomcat 6.0.30 through 6.0.32 Tomcat 5.5.32 through 5.5.33
Updates are available. Please see the references for more information.
Updated on 2015-03-25
- Apache CouchDB Cross Site Request Forgery Vulnerability
- Apache Open For Business HTML injection vulnerability
- Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
- A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
- Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities