Description
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
Remediation
References
Related Vulnerabilities
WordPress Plugin Ivory Search-WordPress Search Unspecified Vulnerability (5.4.3)
SharePoint Improper Privilege Management Vulnerability (CVE-2021-1712)
WordPress Plugin WP Gravity Forms Zendesk Cross-Site Scripting (1.0.7)
SharePoint Improper Certificate Validation Vulnerability (CVE-2019-1006)
WordPress Plugin Contextual Related Posts Cross-Site Request Forgery (1.8.6)