Information Security


Security vulnerabilities in Apache Tomcat
Published: August 17, 2011
Source:
SecurityVulns ID: 11866
Type: remote
Severity: 6/10
Description: Information leak, privilege escalation.
Affected products: APACHE : Tomcat 5.5
 APACHE : Tomcat 6.0
 APACHE : Tomcat 7.0
CVE: CVE-2011-2729 (native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.)
 CVE-2011-2481 (Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.)
Original text: APACHE, [SECURITY] CVE-2011-2729: Commons Daemon fails to drop capabilities (Apache Tomcat) (17.08.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod