(RHSA-2007:0096) Critical: mod_jk security update

2007-03-02T05:00:00
ID RHSA-2007:0096
Type redhat
Reporter RedHat
Modified 2019-03-22T23:43:59

Description

mod_jk is a Tomcat connector that can be used to communicate between Tomcat and the Apache HTTP Server 2. mod_jk was first distributed with Red Hat Application Stack version 1.1 released on 19 February 2007.

A stack overflow flaw was found in the URI handler of mod_jk. A remote attacker could request a carefully crafted URL handled by mod_jk and trigger this flaw, which could lead to the execution of arbitrary code as the 'apache' user. (CVE-2007-0774)

Users of mod_jk should upgrade to these updated packages, which contain a backported patch to correct this issue.

Red Hat would like to thank TippingPoint and the Zero Day Initiative for reporting this issue.