CVE-2011-2729

描述

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.

受影響套件(1)

• Debian/commons-daemonfrom 0, < 1.0.7-1

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2011-2729