Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2007:0164
HistoryApr 12, 2007 - 12:00 a.m.

(RHSA-2007:0164) Critical: mod_jk security update

2007-04-1200:00:00
access.redhat.com
14

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.621 Medium

EPSS

Percentile

97.8%

JSON

mod_jk is a Tomcat connector that can be used to communicate between Tomcat
and the Apache HTTP Server 2.

A stack overflow flaw was found in the URI handler of mod_jk. A remote
attacker could visit a carefully crafted URL being handled by mod_jk and
trigger this flaw, which could lead to the execution of arbitrary code as the
‘apache’ user. (CVE-2007-0774)

Users of mod_jk should upgrade to these updated packages, which contain a
backported patch to correct this issue.

Red Hat would like to thank TippingPoint and the Zero Day Initiative for
reporting this issue.

Related

checkpoint_advisories 2
openvas 6
d2 1
saint 4
nessus 3
ubuntucve 1
nvd 1
cve 1
prion 1
securityvulns 2
cisco 1
zdi 1
tomcat 1
freebsd 1
cvelist 1
redhat 1
packetstorm 1
debiancve 1
gentoo 1
checkpoint_advisories
checkpoint_advisories
HTTP Format Sizes (CVE-2007-0774)
2013-07-04 00:00:00
Preemptive Protection against Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability
2008-08-04 00:00:00
openvas
openvas
FreeBSD Ports: mod_jk-ap2, mod_jk
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200703-16 (mod_jk)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200703-16 (mod_jk)
2008-09-24 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_MOD_JK
2007-03-04 22:19:00
saint
saint
Apache Tomcat JK Web Server Connector URI worker map buffer overflow
2008-07-30 00:00:00
Apache Tomcat JK Web Server Connector URI worker map buffer overflow
2008-07-30 00:00:00
Apache Tomcat JK Web Server Connector URI worker map buffer overflow
2008-07-30 00:00:00
nessus
nessus
FreeBSD : mod_jk -- long URL stack overflow vulnerability (cf86c644-cb6c-11db-8e9d-000c6ec775d9)
2007-03-06 00:00:00
Apache mod_jk Long URL Worker Map Stack Remote Overflow
2007-03-15 00:00:00
GLSA-200703-16 : Apache JK Tomcat Connector: Remote execution of arbitrary code
2007-03-18 00:00:00
ubuntucve
ubuntucve
CVE-2007-0774
2007-03-04 00:00:00
nvd
nvd
CVE-2007-0774
2007-03-04 22:19:00
cve
cve
CVE-2007-0774
2007-03-04 22:19:00
prion
prion
Stack overflow
2007-03-04 22:19:00
securityvulns
securityvulns
Apache Tomcat buffer overflow
2007-03-02 00:00:00
ZDI-07-008: Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability
2007-03-02 00:00:00
cisco
cisco
Cisco Wireless Control System Tomcat mod_jk.so Vulnerability
2008-01-30 16:00:00
zdi
zdi
Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability
2007-03-02 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat JK Connector 1.2.21
2007-02-06 00:00:00
freebsd
freebsd
mod_jk -- long URL stack overflow vulnerability
2007-03-02 00:00:00
cvelist
cvelist
CVE-2007-0774
2007-03-04 22:00:00
redhat
redhat
(RHSA-2007:0096) Critical: mod_jk security update
2007-03-02 00:00:00
packetstorm
packetstorm
apache_modjk_overflow.rb.txt
2007-07-10 00:00:00
debiancve
debiancve
CVE-2007-0774
2007-03-04 22:19:00
gentoo
gentoo
Apache JK Tomcat Connector: Remote execution of arbitrary code
2007-03-16 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.621 Medium

EPSS

Percentile

97.8%

JSON
Related for RHSA-2007:0164
checkpoint_advisories2openvas6d21saint4nessus3ubuntucve1nvd1cve1prion1securityvulns2cisco1zdi1tomcat1freebsd1cvelist1redhat1packetstorm1debiancve1gentoo1