File Read Permissions Bypass in Apache Commons Daemon Component

CVE-2011-2729 · MEDIUM Severity

AV:N/AC:L/Au:N/C:P/I:N/A:N

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
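A defender's check for the condition described above, as an added example that is not taken from the advisory or from Apache's code: it reads `/proc/<pid>/status` on Linux and reports non-root processes that still hold a capability which overrides file read permissions. The advisory does not name the capabilities involved; checking `CAP_DAC_OVERRIDE` and `CAP_DAC_READ_SEARCH` is an assumption, and the sample status text is constructed.

```python
import os

# Linux capability bit numbers from include/uapi/linux/capability.h.
DAC_CAPS = {1: "CAP_DAC_OVERRIDE", 2: "CAP_DAC_READ_SEARCH"}

# Constructed /proc/<pid>/status samples (process name and UID are made up).
# 0x406 sets bits 1, 2 and 10; 0x400 sets only bit 10 (CAP_NET_BIND_SERVICE).
_STATUS = "Name:\tjsvc\nUid:\t1001\t1001\t1001\t1001\nCapPrm:\t{0}\nCapEff:\t{0}\n"
SAMPLE_RETAINED = _STATUS.format("0000000000000406")
SAMPLE_DROPPED = _STATUS.format("0000000000000400")


def parse_status(text):
    """Parse the text of /proc/<pid>/status into a {field: value} dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def retained_dac_caps(status_text):
    """Return names of DAC-bypass capabilities held by a non-root process."""
    fields = parse_status(status_text)
    uids = fields.get("Uid", "").split()  # real, effective, saved, filesystem
    if len(uids) < 2 or int(uids[1]) == 0:
        return []  # root holding these capabilities is expected
    held = int(fields.get("CapPrm", "0"), 16) | int(fields.get("CapEff", "0"), 16)
    return sorted(n for bit, n in DAC_CAPS.items() if (held >> bit) & 1)


def scan_proc(proc_root="/proc"):
    """Yield (pid, name, caps) for each live process that retains DAC caps."""
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(os.path.join(proc_root, pid, "status")) as fh:
                text = fh.read()
        except OSError:
            continue  # process exited or its status is not readable
        caps = retained_dac_caps(text)
        if caps:
            yield int(pid), parse_status(text).get("Name", "?"), caps


if __name__ == "__main__":
    for pid, name, caps in scan_proc():
        print(pid, name, ",".join(caps))
```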
