CVE-2011-2729 (retired)

Priority
Description
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3
through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through
5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not
drop capabilities, which allows remote attackers to bypass read permissions
for files via a request to an application.
Notes
 mdeslaur> tomcat isn't built with commons
 jdstrand> according to upstream, needs to be built with libcap to be affected.
  Only Ubuntu 11.04 and later are built with libcap.
Assigned-to
mdeslaur
Package
Upstream: released (1.0.7-1)
Patches:
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1152701

Updated: 2019-03-26 11:57:22 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)