CVSS: 5.8EPSS: 0%CPEs: 39EXPL: 0CVE-2011-2729 – jakarta-commons-daemon: jsvc does not drop capabilities allowing access to files and directories owned by the superuser
https://notcve.org/view.php?id=CVE-2011-2729
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application. native/unix/native/jsvc-unix.c en jsvc en el componente Daemon v1.0.3 hasta v1.0.6 en Apache Commons, usado en Apache Tomcat v5.5.32 hasta v5.5.33, v6.0.30 hasta v6.0.32, y v7.0.x anterior a v7.0.20 en LinuxApache Commons, no elimina permisos, lo que permite a atacantes remotos evitar permisos de lectura para ficheros a través de una petición en una aplicación. • http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00024.html http://mail-archives.apache.org/mod_mbox/commons-dev/201108.mbox/%3C4E451B2B.9090108%40apache.org%3E http://mail-archives.apache.org/mod_mbox/tomcat-announce/201108.mbox/%3C4E45221D.1020306%40apache.org%3E http://marc.info/?l=bugtraq&m=132215163318824&w=2 http://marc.info/?l=bugtraq&m=133469267822771&w=2 http://marc.info/?l=bugtraq&m=136485229118404&w=2 http://marc.info/?l=bugtraq&m=139344343412337&w= • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.4EPSS: 0%CPEs: 80EXPL: 0CVE-2011-2526 – tomcat: security manager restrictions bypass
https://notcve.org/view.php?id=CVE-2011-2526
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application. Apache Tomcat v5.5.x anterior a v5.5.34, v6.x anterior a v6.0.33, y v7.x anterior a v7.0.19, cuando sendfile está habilitado para el conector HTTP APR o HTTP NIO, no valida ciertos atributos en la solicitud, permitiendo a usuarios locales eludir las restricciones de acceso a archivos o causar una denegación de servicio (bucle infinito o caída de JVM) mediante el aprovechamiento de una aplicación web no confiable. • http://marc.info/?l=bugtraq&m=132215163318824&w=2 http://marc.info/?l=bugtraq&m=133469267822771&w=2 http://marc.info/?l=bugtraq&m=136485229118404&w=2 http://marc.info/?l=bugtraq&m=139344343412337&w=2 http://osvdb.org/73797 http://osvdb.org/73798 http://rhn.redhat.com/errata/RHSA-2012-0074.html http://rhn.redhat.com/errata/RHSA-2012-0075.html http://rhn.redhat.com/errata/RHSA-2012-0076.html http://rhn.redhat.com/errata/RHSA-2012-0077.html http: • CWE-20: Improper Input Validation •