CVE-2011-2729

Common Vulnerabilities and Exposures

Upstream information

CVE-2011-2729 at MITRE

Description

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.

NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Novell/SUSE information

Novell Bugzilla entry: 715656

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 11.4
  • jakarta-commons-daemon >= 1.0.5-4.5.1
  • jakarta-commons-daemon-java >= 1.0.5-4.5.1
  • jakarta-commons-daemon-javadoc >= 1.0.5-4.5.1

© 2014 Novell