Lucene search

K
tomcatApache TomcatTOMCAT:4A7F833B1B75BC0165C3B07F318F1C54
HistoryApr 25, 2007 - 12:00 a.m.

Fixed in Apache Tomcat JK Connector 1.2.16

2007-04-2500:00:00
Apache Tomcat
tomcat.apache.org
6

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.004 Low

EPSS

Percentile

74.4%

Important: Information disclosure CVE-2006-7197

The Tomcat AJP connector contained a bug that sometimes set a too long length for the chunks delivered by send_body_chunks AJP messages. Bugs of this type can cause mod_jk to read beyond buffer boundaries and thus reveal sensitive memory information to a client.

Affects: JK 1.2.0-1.2.15
Source shipped with: Tomcat 4.0.0-4.0.6, 4.1.0-4.1.32, 5.0.0-5.0.30, 5.5.0-5.5.16

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.004 Low

EPSS

Percentile

74.4%

Related for TOMCAT:4A7F833B1B75BC0165C3B07F318F1C54