14 matches found
Apache Tomcat JK Web Server Connector URI worker map buffer overflow
Added: 07/30/2008. CVE: CVE-2007-0774. BID: 22791. OSVDB: 33855. Background: Apache Tomcat is a Java web application platform which can run under various types of web servers. The JK Web Server Connector mod_jk is used for communication between Tomcat and the web server. Problem: A buffer overflow in a...
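Apache Tomcat JK Web Server Connector double-encoded ".." security restriction bypass vulnerability
Apache Tomcat is a popular open-source JSP application server. Apache Tomcat has a vulnerability in handling malformed encoded file requests; remote attackers may exploit this vulnerability to bypass access restrictions. The JK Web Server Connector, the connector used between Tomcat and Apache, does not correctly handle double-encoded ".." strings in URLs. If multiple components (firewall, cache, proxy, and Tomcat) process a request, these components should not iteratively decode the request URL multiple times; otherwise the access control rules enforced before the last component may be bypassed. By default, mod_jk decodes Apache...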
CVE-2007-1860
mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and...
CVE-2007-1860
CVE-2007-1860 affects the Apache Tomcat JK Web Server Connector (mod_jk) in 1.2.x before 1.2.23. The flaw arises because mod_jk decodes request URLs within Apache before passing them to Tomcat, enabling directory traversal through crafted URLs (e.g., double-encoded .. sequences via a JkMount pref...
FreeBSD : mod_jk -- long URL stack overflow vulnerability (cf86c644-cb6c-11db-8e9d-000c6ec775d9)
TippingPoint and The Zero Day Initiative reports: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache Tomcat JK Web Server Connector. Authentication is not required to exploit this vulnerability. The specific flaw exists in the URI handler f...
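Apache Tomcat JK Web Server Connector long URL stack overflow vulnerability
Apache Tomcat is a popular open-source JSP application server. The mod_jk.so library of the Tomcat JK Web Server Connector has a vulnerability in handling overlong malformed URLs; remote attackers may exploit this vulnerability to take control of the server. The URI handler map_uri_to_worker of the mod_jk.so library in Apache Tomcat JK Web Server Connector is defined in the file native/common/jk_uri_worker_map.c. When the library parses an overlong URL request exceeding 4095 bytes, the URI...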
DSquare Exploit Pack: D2SEC_MOD_JK
Name | d2sec_mod_jk
---|---
CVE | CVE-2007-0774
Exploit Pack | D2ExploitPack
Description | Apache Tomcat JK Web Server Connector Stack Overflow Vulnerability
Notes | ...
CVE-2007-0774
Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a...
ZDI-07-008: Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability
ZDI-07-008: Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-008.html March 2, 2007 -- CVE ID: CVE-2007-0774 -- Affected Vendor: Apache -- Affected Products: Tomcat JK Web Server Connector 1.2.19 Tomcat JK Web Server...
mod_jk -- long URL stack overflow vulnerability
TippingPoint and The Zero Day Initiative reports: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache Tomcat JK Web Server Connector. Authentication is not required to exploit this vulnerability. The specific flaw exists in the URI handler fo...
Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache Tomcat JK Web Server Connector. Authentication is not required to exploit this vulnerability. The specific flaw exists in the URI handler for the mod_jk.so library, map_uri_to_worker, defined in...