CVE-2011-2729

N/A Unknown
Published: August 15, 2011 Modified: April 29, 2026
View on NVD

Description

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00024.html
Source: secalert@redhat.com
http://mail-archives.apache.org/mod_mbox/commons-dev/201108.mbox/%3C4E451B2B.9090108%40apache.org%3E
Source: secalert@redhat.com
http://mail-archives.apache.org/mod_mbox/tomcat-announce/201108.mbox/%3C4E45221D.1020306%40apache.org%3E
Source: secalert@redhat.com
http://marc.info/?l=bugtraq&m=132215163318824&w=2
Source: secalert@redhat.com
http://marc.info/?l=bugtraq&m=133469267822771&w=2
Source: secalert@redhat.com
http://marc.info/?l=bugtraq&m=136485229118404&w=2
Source: secalert@redhat.com
http://marc.info/?l=bugtraq&m=139344343412337&w=2
Source: secalert@redhat.com
http://people.apache.org/~markt/patches/2011-08-12-cve2011-2729-tc5.patch
Source: secalert@redhat.com
http://secunia.com/advisories/46030
Source: secalert@redhat.com
http://secunia.com/advisories/57126
Source: secalert@redhat.com
http://securitytracker.com/id?1025925
Source: secalert@redhat.com
http://svn.apache.org/viewvc?view=revision&revision=1152701
Source: secalert@redhat.com
http://svn.apache.org/viewvc?view=revision&revision=1153379
Source: secalert@redhat.com
http://svn.apache.org/viewvc?view=revision&revision=1153824
Source: secalert@redhat.com
http://tomcat.apache.org/security-5.html
Source: secalert@redhat.com
Vendor Advisory
http://tomcat.apache.org/security-6.html
Source: secalert@redhat.com
Vendor Advisory
http://tomcat.apache.org/security-7.html
Source: secalert@redhat.com
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-1291.html
Source: secalert@redhat.com
http://www.redhat.com/support/errata/RHSA-2011-1292.html
Source: secalert@redhat.com
http://www.securityfocus.com/archive/1/519263/100/0/threaded
Source: secalert@redhat.com
http://www.securityfocus.com/bid/49143
Source: secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=730400
Source: secalert@redhat.com
https://exchange.xforce.ibmcloud.com/vulnerabilities/69161
Source: secalert@redhat.com
https://issues.apache.org/jira/browse/DAEMON-214
Source: secalert@redhat.com
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
Source: secalert@redhat.com
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
Source: secalert@redhat.com
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
Source: secalert@redhat.com
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
Source: secalert@redhat.com
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14743
Source: secalert@redhat.com
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19450
Source: secalert@redhat.com
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00024.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://mail-archives.apache.org/mod_mbox/commons-dev/201108.mbox/%3C4E451B2B.9090108%40apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
http://mail-archives.apache.org/mod_mbox/tomcat-announce/201108.mbox/%3C4E45221D.1020306%40apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
http://marc.info/?l=bugtraq&m=132215163318824&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
http://marc.info/?l=bugtraq&m=133469267822771&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
http://marc.info/?l=bugtraq&m=136485229118404&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
http://marc.info/?l=bugtraq&m=139344343412337&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
http://people.apache.org/~markt/patches/2011-08-12-cve2011-2729-tc5.patch
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/46030
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/57126
Source: af854a3a-2127-422b-91ae-364da2661108
http://securitytracker.com/id?1025925
Source: af854a3a-2127-422b-91ae-364da2661108
http://svn.apache.org/viewvc?view=revision&revision=1152701
Source: af854a3a-2127-422b-91ae-364da2661108
http://svn.apache.org/viewvc?view=revision&revision=1153379
Source: af854a3a-2127-422b-91ae-364da2661108
http://svn.apache.org/viewvc?view=revision&revision=1153824
Source: af854a3a-2127-422b-91ae-364da2661108
http://tomcat.apache.org/security-5.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://tomcat.apache.org/security-6.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://tomcat.apache.org/security-7.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-1291.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.redhat.com/support/errata/RHSA-2011-1292.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/519263/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/49143
Source: af854a3a-2127-422b-91ae-364da2661108
https://bugzilla.redhat.com/show_bug.cgi?id=730400
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/69161
Source: af854a3a-2127-422b-91ae-364da2661108
https://issues.apache.org/jira/browse/DAEMON-214
Source: af854a3a-2127-422b-91ae-364da2661108
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14743
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19450
Source: af854a3a-2127-422b-91ae-364da2661108

60 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
7.2%
94th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-264

Affected Vendors

linux apache

Related CVEs

CVE-2026-13422 4.3
CVE-2026-13335 6.4
CVE-2026-13333 6.5
CVE-2026-13331 6.5
CVE-2026-11356 4.4