New Search

HP-UX Apache Running Tomcat Servlet Engine Remote Information Disclosure Authentication Bypass Cross-Site Scripting (XSS) Unauthorized Access Denial of Service (DoS)

oval:org.mitre.oval:def:14743

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons as used in Apache Tomcat 5.5.32 through 5.5.33 6.0.30 through 6.0.32 and 7.0.x before 7.0.20 on Linux does not drop capabilities which allows remote attackers to bypass read permissions for files via a request to an application.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • HP-UX 11
Class:
vulnerability
Reference(s):
  • CVE-2011-2729
Product(s):