CVE-2007-0774

Currently unrated

Key Information:

Vendor: Apache
Status: Tomcat Jk Web Server Connector
Vendor: CVE Published:; 4 March 2007

Summary

Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.

References

http://tomcat.apache.org/connectors-doc/miscellaneous/cha...

x_refsource_CONFIRM

http://www.redhat.com/support/errata/RHSA-2007-0096.html

vendor-advisoryx_refsource_REDHAT

http://www.vupen.com/english/advisories/2007/0809

vdb-entryx_refsource_VUPEN

EPSS Score

86% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 4, 2007
Vulnerability Reserved
Feb 6, 2007