CVE-2007-0774 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-0774
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-0774

Description: Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/32794 ST 1017719 SAID Secunia Advisory: SA24398 Secunia Advisory: SA24558 Secunia Advisory: SA27037 Secunia Advisory: SA28711 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0096.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5513 MISC http://www.zerodayinitiative.com/advisories/ZDI-07-008.html HP http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200703-16.xml CONFIRM http://tomcat.apache.org/security-jk.html http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html CISCO http://www.cisco.com/en/US/products/products_security_advisory09186a008093f040.shtml BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/461734/100/0/threaded BID 22791

Return to the previous page.