Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability Network Vulnerability

Summary

Apache Commons Daemon is prone to a remote information-disclosure vulnerability that affects the 'jsvc' library. Remote attackers can exploit this issue to gain access to files and directories owned by the superuser, through applications using the affected library. This allows attackers to obtain sensitive information that may aid in further attacks. Note: This issue affects applications running on Linux operating systems only. Versions prior to Commons Daemon 1.0.7 are vulnerable. The following Apache Tomcat versions which use the affected library are vulnerable: Tomcat 7.0.0 through 7.0.19 Tomcat 6.0.30 through 6.0.32 Tomcat 5.5.32 through 5.5.33

Solution

Updates are available. Please see the references for more information.

References

http://commons.apache.org/daemon/
http://commons.apache.org/daemon/jsvc.html
http://mail-archives.apache.org/mod_mbox/tomcat-announce/201108.mbox/%3C4E45221D.1020306@apache.org%3E
http://tomcat.apache.org/
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://www.securityfocus.com/bid/49143

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-2729
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
AN Guestbook Local File Inclusion Vulnerability
123 Flash Chat Multiple Security Vulnerabilities
Annuaire PHP 'sites_inscription.php' Cross Site Scripting Vulnerability
Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability

Take action and discover your vulnerabilities