Apache Commons Daemon is prone to a remote information-disclosure vulnerability that affects the 'jsvc' library. Remote attackers can exploit this issue to gain access to files and directories owned by the superuser, through applications using the affected library. This allows attackers to obtain sensitive information that may aid in further attacks.

Note: This issue affects applications running on Linux operating systems only.

Versions prior to Commons Daemon 1.0.7 are vulnerable. The following Apache Tomcat versions which use the affected library are vulnerable:

- Tomcat 7.0.0 through 7.0.19
- Tomcat 6.0.30 through 6.0.32
- Tomcat 5.5.32 through 5.5.33

Updates are available. Please see the references for more information.
- http://mail-archives.apache.org/mod_mbox/tomcat-announce/201108.mbox/%[email protected]%3E
Updated on 2015-03-25