Stack-based Buffer Overflow in Apache Tomcat JK Web Server Connector
CVE-2007-0774
Currently unrated
Summary
The map_uri_to_worker function in mod_jk.so, part of the Apache Tomcat JK Web Server Connector, is vulnerable to a stack-based buffer overflow. A remote attacker can exploit it by submitting an overly long URL, leading to arbitrary code execution. The flaw is in the URI worker map routine and affects specific versions of the connector integrated within Apache Tomcat 4.1.34 and 5.5.20.
References
EPSS Score
86% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved