DEBIAN-CVE-2011-2729

DEBIAN-CVE-2011-2729 PUBLISHED

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.

Affected Products

Vendor	Product	Versions
Debian:14	commons-daemon	0, 0, 0
Debian:12	commons-daemon	0, 0, 0
Debian:11	commons-daemon	0, 0, 0
Debian:13	commons-daemon	0, 0, 0

Timeline

Aug 15, 2011 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2011-2729 advisory

Open in Interactive Console →