Apache Tomcat JK Web Server Connector URI worker map buffer overflow

2008-07-30T00:00:00
ID SAINT:37FC92C1A986F0EB47F82AEA5467F030
Type saint
Reporter SAINT Corporation
Modified 2008-07-30T00:00:00

Description

Added: 07/30/2008
CVE: CVE-2007-0774
BID: 22791
OSVDB: 33855

Background

Apache Tomcat is a Java web application platform that can run behind various types of web servers. The JK Web Server Connector (mod_jk) handles communication between Tomcat and the web server.

Problem

A buffer overflow in a URI worker map routine allows remote attackers to execute arbitrary commands by sending a request for a long, specially crafted URI to the web server.

Resolution

Upgrade to mod_jk 1.2.21 or higher.

References

<http://tomcat.apache.org/security-jk.html>
<http://www.zerodayinitiative.com/advisories/ZDI-07-008/>

Limitations

The exploit works on Apache Tomcat JK Web Server Connector 1.2.19 for Apache HTTP Server 2.0.58 on Windows and on Apache Tomcat JK Web Server Connector 1.2.20 for Apache HTTP Server 2.0.58 on Linux. Apache, Apache Tomcat, and the JK Web Server Connector must be properly configured on the target for this exploit to succeed.

IPv6 support for this exploit is only available for Linux targets.

Platforms

Windows 2000
Windows Server 2003
Linux