RHSA-2011%3A1291 — Vulnetix

RHSA-2011%3A1291 PUBLISHED CVSS 5.800000190734863 MEDIUM

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.

Risk Scores

CVSS 2.0

5.800000190734863

Affected Products

Vendor	Product	Versions
Red Hat	Red Hat JBoss Enterprise Web Server 1

Timeline

Sep 14, 2011 CVE Published
Nov 21, 2025 CVE Updated
Apr 29, 2026 Distribution Patch
Apr 29, 2026 Distribution Patch
Apr 29, 2026 Security Advisory
Apr 29, 2026 Security Advisory

References

https://access.redhat.com/errata/RHSA-2011:1291 advisory
https://access.redhat.com/security/updates/classification/#important advisory
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=webserver&version=1.0.2 advisory
https://bugzilla.redhat.com/show_bug.cgi?id=730400 issue
https://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_1291.json advisory
https://access.redhat.com/security/cve/CVE-2011-2729 advisory
https://www.cve.org/CVERecord?id=CVE-2011-2729 advisory
https://nvd.nist.gov/vuln/detail/CVE-2011-2729 advisory

Open in Interactive Console →