Description

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.

Remediation

References

CVE-2011-2729

Related Vulnerabilities

LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16173)

WordPress Plugin Two Factor Authentication Cross-Site Scripting (1.0.7)

WordPress Plugin Formidable Forms-Contact Form, Survey, Quiz, Calculator & Custom Form Builder Cross-Site Request Forgery (5.5.6)

WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.16)

WordPress 5.9.x Multiple Vulnerabilities (5.9 - 5.9.5)

Severity

Medium

Classification

CVE-2011-2729 CWE-264

Tags

Missing Update Known Vulnerabilities