Description
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
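A defender's check for the condition described above, as an added example that is not part of the original advisory or of the jsvc source: it parses the text of `/proc/<pid>/status` and reports whether a non-root process still holds `CAP_DAC_OVERRIDE` or `CAP_DAC_READ_SEARCH`, the two Linux capabilities that bypass file read permission checks. That these two are the capabilities at issue is an assumption (the description does not name them), and the sample status text and the function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Bit numbers from <linux/capability.h>; both bypass file read permission checks. */
#define CAP_DAC_OVERRIDE_BIT    1
#define CAP_DAC_READ_SEARCH_BIT 2
#define READ_BYPASS_MASK ((1ULL << CAP_DAC_OVERRIDE_BIT) | (1ULL << CAP_DAC_READ_SEARCH_BIT))

/* Constructed /proc/<pid>/status excerpts (not captured from a real jsvc process). */
static const char RETAINED[] = "Name:\tjsvc\nUid:\t1001\t1001\t1001\t1001\n"
    "CapInh:\t0000000000000000\nCapPrm:\t0000000000000406\nCapEff:\t0000000000000406\n";
static const char DROPPED[] = "Name:\tjsvc\nUid:\t1001\t1001\t1001\t1001\n"
    "CapInh:\t0000000000000000\nCapPrm:\t0000000000000400\nCapEff:\t0000000000000400\n";

/* Return a pointer just past "key:" on the line that starts with it, or NULL. */
static const char *field(const char *status, const char *key)
{
    size_t klen = strlen(key);
    for (const char *line = status; line && *line; ) {
        if (strncmp(line, key, klen) == 0 && line[klen] == ':')
            return line + klen + 1;
        line = strchr(line, '\n');
        if (line) line++;
    }
    return NULL;
}

/* -1: parse error; 0: effective UID is root, or no read-bypass capability held;
 * otherwise the offending bits found in the permitted or effective set. */
long retained_read_bypass(const char *status)
{
    const char *uid = field(status, "Uid");
    const char *prm = field(status, "CapPrm");
    const char *eff = field(status, "CapEff");
    unsigned euid;
    unsigned long long p, e;
    if (!uid || !prm || !eff) return -1;
    if (sscanf(uid, "%*u %u", &euid) != 1) return -1;   /* second field = effective UID */
    if (sscanf(prm, "%llx", &p) != 1 || sscanf(eff, "%llx", &e) != 1) return -1;
    if (euid == 0) return 0;                            /* only unprivileged UIDs are checked */
    return (long)((p | e) & READ_BYPASS_MASK);
}

int main(void)
{
    printf("retained: 0x%lx\n", (unsigned long)retained_read_bypass(RETAINED));
    printf("dropped:  0x%lx\n", (unsigned long)retained_read_bypass(DROPPED));
    return 0;
}
```

On a live host, pass the function the contents of `/proc/<pid>/status` for the running jsvc process; a non-zero result means the daemon switched to an unprivileged user but kept a capability that overrides file read permissions.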
Remediation
References