Apache Tomcat CVE-2011-2729 Weak Authentication Vulnerability
Description
Due to a bug in the capabilities code, jsvc (the service wrapper for Linux that is part of the Commons Daemon project) does not drop capabilities allowing the application to access files and directories owned by superuser. This vulnerability only occurs when all of the following are true:
Affected Applications
Apache Tomcat