Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSDCF86C644-CB6C-11DB-8E9D-000C6EC775D9
HistoryMar 02, 2007 - 12:00 a.m.

mod_jk -- long URL stack overflow vulnerability

2007-03-0200:00:00
vuxml.freebsd.org
17

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.621 Medium

EPSS

Percentile

97.8%

JSON

TippingPoint and The Zero Day Initiative reports:

This vulnerability allows remote attackers to execute
arbitrary code on vulnerable installations of Apache
Tomcat JK Web Server Connector. Authentication is not
required to exploit this vulnerability.
The specific flaw exists in the URI handler for the
mod_jk.so library, map_uri_to_worker(), defined in
native/common/jk_uri_worker_map.c. When parsing a long URL
request, the URI worker map routine performs an unsafe
memory copy. This results in a stack overflow condition
which can be leveraged to execute arbitrary code.

Related

nessus 3
gentoo 1
saint 4
packetstorm 1
redhat 2
debiancve 1
d2 1
openvas 6
ubuntucve 1
checkpoint_advisories 2
nvd 1
cve 1
tomcat 1
securityvulns 2
cvelist 1
zdi 1
cisco 1
prion 1
nessus
nessus
GLSA-200703-16 : Apache JK Tomcat Connector: Remote execution of arbitrary code
2007-03-18 00:00:00
FreeBSD : mod_jk -- long URL stack overflow vulnerability (cf86c644-cb6c-11db-8e9d-000c6ec775d9)
2007-03-06 00:00:00
Apache mod_jk Long URL Worker Map Stack Remote Overflow
2007-03-15 00:00:00
gentoo
gentoo
Apache JK Tomcat Connector: Remote execution of arbitrary code
2007-03-16 00:00:00
saint
saint
Apache Tomcat JK Web Server Connector URI worker map buffer overflow
2008-07-30 00:00:00
Apache Tomcat JK Web Server Connector URI worker map buffer overflow
2008-07-30 00:00:00
Apache Tomcat JK Web Server Connector URI worker map buffer overflow
2008-07-30 00:00:00
packetstorm
packetstorm
apache_modjk_overflow.rb.txt
2007-07-10 00:00:00
redhat
redhat
(RHSA-2007:0164) Critical: mod_jk security update
2007-04-12 00:00:00
(RHSA-2007:0096) Critical: mod_jk security update
2007-03-02 00:00:00
debiancve
debiancve
CVE-2007-0774
2007-03-04 22:19:00
d2
d2
DSquare Exploit Pack: D2SEC_MOD_JK
2007-03-04 22:19:00
openvas
openvas
FreeBSD Ports: mod_jk-ap2, mod_jk
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200703-16 (mod_jk)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200703-16 (mod_jk)
2008-09-24 00:00:00
ubuntucve
ubuntucve
CVE-2007-0774
2007-03-04 00:00:00
checkpoint_advisories
checkpoint_advisories
HTTP Format Sizes (CVE-2007-0774)
2013-07-04 00:00:00
Preemptive Protection against Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability
2008-08-04 00:00:00
nvd
nvd
CVE-2007-0774
2007-03-04 22:19:00
cve
cve
CVE-2007-0774
2007-03-04 22:19:00
tomcat
tomcat
Fixed in Apache Tomcat JK Connector 1.2.21
2007-02-06 00:00:00
securityvulns
securityvulns
ZDI-07-008: Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability
2007-03-02 00:00:00
Apache Tomcat buffer overflow
2007-03-02 00:00:00
cvelist
cvelist
CVE-2007-0774
2007-03-04 22:00:00
zdi
zdi
Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability
2007-03-02 00:00:00
cisco
cisco
Cisco Wireless Control System Tomcat mod_jk.so Vulnerability
2008-01-30 16:00:00
prion
prion
Stack overflow
2007-03-04 22:19:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.621 Medium

EPSS

Percentile

97.8%

JSON
Related for CF86C644-CB6C-11DB-8E9D-000C6EC775D9
nessus3gentoo1saint4packetstorm1redhat2debiancve1d21openvas6ubuntucve1checkpoint_advisories2nvd1cve1tomcat1securityvulns2cvelist1zdi1cisco1prion1