CVE-2011-2729
Description
jsvc in Apache Commons Daemon 1.0.3-1.0.6 fails to drop Linux capabilities, allowing remote attackers to bypass file read permissions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
jsvc in Apache Commons Daemon 1.0.3-1.0.6 fails to drop Linux capabilities, allowing remote attackers to bypass file read permissions.
Vulnerability
The vulnerability resides in native/unix/native/jsvc-unix.c in the jsvc component of Apache Commons Daemon versions 1.0.3 through 1.0.6. This component is used by Apache Tomcat on Linux. Affected Tomcat versions include 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 [1][2][3]. The bug is that jsvc does not drop Linux capabilities after starting the Tomcat service, leaving elevated privileges that should have been removed.
Exploitation
An attacker needs network access to the Tomcat server and the ability to send requests to an application. No authentication is required. By crafting a request that accesses a file with restricted read permissions, the attacker can leverage the retained capabilities to read files that would otherwise be inaccessible. The exact steps involve sending a request to a vulnerable application that triggers file access through the Tomcat process, which still holds the elevated capabilities.
Impact
Successful exploitation allows a remote attacker to bypass file read permissions on the Linux host. This leads to unauthorized disclosure of sensitive information (confidentiality impact). The attacker does not gain code execution or write access, but can read any file that the Tomcat process has capabilities to read, potentially including configuration files, passwords, or other sensitive data.
Mitigation
The fix is to upgrade to a non-vulnerable version: Apache Tomcat 7.0.20 or later, Tomcat 6.0.33 or later, Tomcat 5.5.34 or later [1][2][3]. For the Daemon component, upgrade to jsvc 1.0.7 or later. Note that Tomcat 5.5.x and 6.0.x have reached end of life and are no longer supported; users should upgrade to Tomcat 9.0.x or later [1][2][3]. No workaround is provided in the available references.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
31cpe:2.3:a:apache:apache_commons_daemon:1.0.3:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:apache:apache_commons_daemon:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:apache_commons_daemon:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:apache_commons_daemon:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:apache_commons_daemon:1.0.6:*:*:*:*:*:*:*
- (no CPE)range: >=1.0.3, <=1.0.6
cpe:2.3:a:apache:tomcat:5.5.32:*:*:*:*:*:*:*+ 24 more
- cpe:2.3:a:apache:tomcat:5.5.32:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.33:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
- (no CPE)range: 5.5.32-5.5.33, 6.0.30-6.0.32, 7.0.0-7.0.19
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
30- tomcat.apache.org/security-5.htmlnvdVendor Advisory
- tomcat.apache.org/security-6.htmlnvdVendor Advisory
- tomcat.apache.org/security-7.htmlnvdVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2011-09/msg00024.htmlnvd
- mail-archives.apache.org/mod_mbox/commons-dev/201108.mbox/%3C4E451B2B.9090108%40apache.org%3Envd
- mail-archives.apache.org/mod_mbox/tomcat-announce/201108.mbox/%3C4E45221D.1020306%40apache.org%3Envd
- marc.infonvd
- marc.infonvd
- marc.infonvd
- marc.infonvd
- people.apache.org/~markt/patches/2011-08-12-cve2011-2729-tc5.patchnvd
- secunia.com/advisories/46030nvd
- secunia.com/advisories/57126nvd
- securitytracker.com/idnvd
- svn.apache.org/viewvcnvd
- svn.apache.org/viewvcnvd
- svn.apache.org/viewvcnvd
- www.redhat.com/support/errata/RHSA-2011-1291.htmlnvd
- www.redhat.com/support/errata/RHSA-2011-1292.htmlnvd
- www.securityfocus.com/archive/1/519263/100/0/threadednvd
- www.securityfocus.com/bid/49143nvd
- bugzilla.redhat.com/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/69161nvd
- issues.apache.org/jira/browse/DAEMON-214nvd
- lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3Envd
- lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3Envd
- lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3Envd
- lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3Envd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14743nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19450nvd
News mentions
0No linked articles in our index yet.