CVE-2011-2729
CVE-2011-2729
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00024.htmlhttp://mail-archives.apache.org/mod_mbox/commons-dev/201108.mbox/%3C4E451B2B.9090108%40apache.org%3Ehttp://mail-archives.apache.org/mod_mbox/tomcat-announce/201108.mbox/%3C4E45221D.1020306%40apache.org%3Ehttp://marc.info/?l=bugtraq&m=132215163318824&w=2http://marc.info/?l=bugtraq&m=133469267822771&w=2http://marc.info/?l=bugtraq&m=136485229118404&w=2http://marc.info/?l=bugtraq&m=139344343412337&w=2http://people.apache.org/~markt/patches/2011-08-12-cve2011-2729-tc5.patchhttps://bugzilla.redhat.com/show_bug.cgi?id=730400http://secunia.com/advisories/46030http://secunia.com/advisories/57126http://securitytracker.com/id?1025925