CVE-2011-2729 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2011-2729 Interim 1 19 2025-11-05T05:46:56Z current 2021-05-30T12:58:41Z 2025-11-05T05:46:56Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2011-2729 native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/kb/doc/?id=7009193 E-Mail link for TID7009193 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YWKC3XOZKCCYZ3SMUQR33TQIZDSJQY6U/#YWKC3XOZKCCYZ3SMUQR33TQIZDSJQY6U E-Mail link for openSUSE-SU-2011:1062-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP5 openSUSE Tumbleweed apache-commons-daemon-1.0.15-4.181 apache-commons-daemon-1.0.15-4.221 apache-commons-daemon-1.0.15-6.10 apache-commons-daemon-1.0.15-7.7 apache-commons-daemon-1.4.0-160000.2.2 apache-commons-daemon-javadoc-1.0.15-4.181 apache-commons-daemon-javadoc-1.0.15-4.221 apache-commons-daemon-javadoc-1.0.15-6.10 apache-commons-daemon-javadoc-1.0.15-7.7 apache-commons-daemon-javadoc-1.4.0-160000.2.2 apache-commons-daemon-jsvc-1.0.15-7.7 apache-commons-daemon-jsvc-1.4.0-160000.2.2 apache-commons-daemon-1.0.15-6.10 as a component of SUSE Linux Enterprise High Performance Computing 12 SP5 apache-commons-daemon-javadoc-1.0.15-6.10 as a component of SUSE Linux Enterprise High Performance Computing 12 SP5 apache-commons-daemon-1.0.15-4.221 as a component of SUSE Linux Enterprise Server 12 apache-commons-daemon-javadoc-1.0.15-4.221 as a component of SUSE Linux Enterprise Server 12 apache-commons-daemon-1.0.15-4.221 as a component of SUSE Linux Enterprise Server 12 SP1 apache-commons-daemon-javadoc-1.0.15-4.221 as a component of SUSE Linux Enterprise Server 12 SP1 apache-commons-daemon-1.0.15-4.221 as a component of SUSE Linux Enterprise Server 12 SP2 apache-commons-daemon-javadoc-1.0.15-4.221 as a component of SUSE Linux Enterprise Server 12 SP2 apache-commons-daemon-1.0.15-6.10 as a component of SUSE Linux Enterprise Server 12 SP3 apache-commons-daemon-javadoc-1.0.15-6.10 as a component of SUSE Linux Enterprise Server 12 SP3 apache-commons-daemon-1.0.15-6.10 as a component of SUSE Linux Enterprise Server 12 SP4 apache-commons-daemon-javadoc-1.0.15-6.10 as a component of SUSE Linux Enterprise Server 12 SP4 apache-commons-daemon-1.0.15-6.10 as a component of SUSE Linux Enterprise Server 12 SP5 apache-commons-daemon-javadoc-1.0.15-6.10 as a component of SUSE Linux Enterprise Server 12 SP5 apache-commons-daemon-1.4.0-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 apache-commons-daemon-javadoc-1.4.0-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 apache-commons-daemon-jsvc-1.4.0-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 apache-commons-daemon-1.0.15-4.181 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 apache-commons-daemon-javadoc-1.0.15-4.181 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 apache-commons-daemon-1.0.15-6.10 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 apache-commons-daemon-javadoc-1.0.15-6.10 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 apache-commons-daemon-1.0.15-7.7 as a component of openSUSE Tumbleweed apache-commons-daemon-javadoc-1.0.15-7.7 as a component of openSUSE Tumbleweed apache-commons-daemon-jsvc-1.0.15-7.7 as a component of openSUSE Tumbleweed native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application. CVE-2011-2729 SUSE Linux Enterprise High Performance Computing 12 SP5:apache-commons-daemon-1.0.15-6.10 SUSE Linux Enterprise High Performance Computing 12 SP5:apache-commons-daemon-javadoc-1.0.15-6.10 SUSE Linux Enterprise Server 12:apache-commons-daemon-1.0.15-4.221 SUSE Linux Enterprise Server 12:apache-commons-daemon-javadoc-1.0.15-4.221 SUSE Linux Enterprise Server 12 SP1:apache-commons-daemon-1.0.15-4.221 SUSE Linux Enterprise Server 12 SP1:apache-commons-daemon-javadoc-1.0.15-4.221 SUSE Linux Enterprise Server 12 SP2:apache-commons-daemon-1.0.15-4.221 SUSE Linux Enterprise Server 12 SP2:apache-commons-daemon-javadoc-1.0.15-4.221 SUSE Linux Enterprise Server 12 SP3:apache-commons-daemon-1.0.15-6.10 SUSE Linux Enterprise Server 12 SP3:apache-commons-daemon-javadoc-1.0.15-6.10 SUSE Linux Enterprise Server 12 SP4:apache-commons-daemon-1.0.15-6.10 SUSE Linux Enterprise Server 12 SP4:apache-commons-daemon-javadoc-1.0.15-6.10 SUSE Linux Enterprise Server 12 SP5:apache-commons-daemon-1.0.15-6.10 SUSE Linux Enterprise Server 12 SP5:apache-commons-daemon-javadoc-1.0.15-6.10 SUSE Linux Enterprise Server 16.0:apache-commons-daemon-1.4.0-160000.2.2 SUSE Linux Enterprise Server 16.0:apache-commons-daemon-javadoc-1.4.0-160000.2.2 SUSE Linux Enterprise Server 16.0:apache-commons-daemon-jsvc-1.4.0-160000.2.2 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache-commons-daemon-1.0.15-4.181 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache-commons-daemon-javadoc-1.0.15-4.181 SUSE Linux Enterprise Server for SAP Applications 12 SP5:apache-commons-daemon-1.0.15-6.10 SUSE Linux Enterprise Server for SAP Applications 12 SP5:apache-commons-daemon-javadoc-1.0.15-6.10 openSUSE Tumbleweed:apache-commons-daemon-1.0.15-7.7 openSUSE Tumbleweed:apache-commons-daemon-javadoc-1.0.15-7.7 openSUSE Tumbleweed:apache-commons-daemon-jsvc-1.0.15-7.7 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N