Lucene search

K
redhatRedHatRHSA-2007:0164
HistoryApr 12, 2007 - 12:00 a.m.

(RHSA-2007:0164) Critical: mod_jk security update

2007-04-1200:00:00
access.redhat.com
14

0.621 Medium

EPSS

Percentile

97.8%

mod_jk is a Tomcat connector that can be used to communicate between Tomcat
and the Apache HTTP Server 2.

A stack overflow flaw was found in the URI handler of mod_jk. A remote
attacker could visit a carefully crafted URL being handled by mod_jk and
trigger this flaw, which could lead to the execution of arbitrary code as the
‘apache’ user. (CVE-2007-0774)

Users of mod_jk should upgrade to these updated packages, which contain a
backported patch to correct this issue.

Red Hat would like to thank TippingPoint and the Zero Day Initiative for
reporting this issue.