CVE-2011-2729 — Apache Commons Daemon vulnerability

CWE-26410 documents9 sources

Severity

5.0MEDIUMNVD

EPSS

8.8%

top 7.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Commons Daemon Apache Tomcat

Timeline

PublishedAug 15

Latest updateMay 14

Description

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDapache/apache_commons_daemon4 versions+3

▶NVDapache/tomcat23 versions+22

🔴Vulnerability Details

GHSA

GHSA-7mg3-pr99-8rh7: native/unix/native/jsvc-unix↗2022-05-14

▶

CVEList

CVE-2011-2729: native/unix/native/jsvc-unix↗2011-08-15

▶

OSV

CVE-2011-2729: native/unix/native/jsvc-unix↗2011-08-15

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows - Print Spooler Service Impersonation (MS10-061) (Metasploit)↗2011-02-17

▶

📋Vendor Advisories

Ubuntu

Apache Commons Daemon vulnerability↗2011-12-12

▶

Red Hat

jakarta-commons-daemon: jsvc does not drop capabilities allowing access to files and directories owned by the superuser↗2011-08-12

▶

Debian

CVE-2011-2729: commons-daemon - native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0...↗2011

▶

💬Community

Bugzilla

CVE-2011-2729 jakarta-commons-daemon: jsvc does not drop capabilities allowing access to files and directories owned by the superuser [fedora-15]↗2011-08-15

▶

Bugzilla

CVE-2011-2729 jakarta-commons-daemon: jsvc does not drop capabilities allowing access to files and directories owned by the superuser↗2011-08-12

▶