Descriptionnative/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
SUSE informationSUSE Bugzilla entry: 715656 [RESOLVED / FIXED] SUSE Security Advisories:
- openSUSE-SU-2011:1062-1, published Fri, 23 Sep 2011 13:08:20 +0200 (CEST)
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE 11.4|| |
|openSUSE 11.4|| ||Patchnames: |