Description
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
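A check for the condition described above, added here as an example and not taken from the Commons Daemon or Tomcat code: it reads the Linux `/proc/<pid>/status` format and reports non-root processes that still hold a capability that bypasses file read permission checks. The function names, the sample status text and the process name `jsvc` used for the live scan are assumptions made for illustration.

```python
import os

# Bit numbers from linux/capability.h; both let a process read files
# regardless of the file's permission bits.
READ_BYPASS_CAPS = {1: "CAP_DAC_OVERRIDE", 2: "CAP_DAC_READ_SEARCH"}

def parse_status(text):
    """Turn /proc/<pid>/status text into a {field: value} dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def retained_read_bypass(text):
    """Names of read-bypass capabilities a non-root process still holds."""
    f = parse_status(text)
    euid = int(f["Uid"].split()[1])          # Uid: real, effective, saved, fs
    if euid == 0:
        return []                            # root holds capabilities by design
    mask = int(f.get("CapPrm", "0"), 16) | int(f.get("CapEff", "0"), 16)
    return [n for bit, n in sorted(READ_BYPASS_CAPS.items()) if (mask >> bit) & 1]

# Constructed samples (not captured from a real host).
# Unprivileged UID 1001 with bits 1, 2 and 10 still set.
SAMPLE_UNDROPPED = ("Name:\tjsvc\nUid:\t1001\t1001\t1001\t1001\n"
                    "CapPrm:\t0000000000000406\nCapEff:\t0000000000000406\n")
# Same UID holding only bit 10 (CAP_NET_BIND_SERVICE), which is not flagged.
SAMPLE_DROPPED = ("Name:\tjsvc\nUid:\t1001\t1001\t1001\t1001\n"
                  "CapPrm:\t0000000000000400\nCapEff:\t0000000000000400\n")

def scan_proc(name="jsvc", root="/proc"):
    """Check every live process called `name`; returns {pid: [capabilities]}."""
    findings = {}
    for pid in filter(str.isdigit, os.listdir(root)):
        try:
            with open(os.path.join(root, pid, "status")) as fh:
                text = fh.read()
        except OSError:
            continue                         # process exited or access denied
        if parse_status(text).get("Name") == name:
            caps = retained_read_bypass(text)
            if caps:
                findings[int(pid)] = caps
    return findings

if __name__ == "__main__":
    print("sample, undropped:", retained_read_bypass(SAMPLE_UNDROPPED))
    print("sample, dropped:  ", retained_read_bypass(SAMPLE_DROPPED))
    print("live processes:   ", scan_proc())
```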
Remediation
References