Computer Security


Apache Tomcat security vulnerabilities
Published: 17.08.2011
Source:
SecurityVulns ID: 11866
Type: remote
Threat Level: 6/10
Description: Privilege escalation, information disclosure.
Affected: APACHE : Tomcat 5.5
 APACHE : Tomcat 6.0
 APACHE : Tomcat 7.0
CVE: CVE-2011-2729 (native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.)
 CVE-2011-2481 (Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.)
Original document: APACHE, [SECURITY] CVE-2011-2729: Commons Daemon fails to drop capabilities (Apache Tomcat) (17.08.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod