Buffer Overflow Vulnerability in Apache Tomcat Connectors
CVE-2016-6808

9.8CRITICAL

Key Information:

Vendor

Apache
Status
Tomcat Jk Connector
Vendor
CVE Published:
12 April 2017

What is CVE-2016-6808?

A buffer overflow vulnerability exists in the Apache Tomcat Connectors (mod_jk) that could allow an attacker to exploit the application. Versions prior to 1.2.42 are affected, potentially enabling remote code execution or denial of service through carefully crafted requests. It is crucial for users and administrators to apply the necessary updates to safeguard against these risks.

References

http://www.securitytracker.com/id/1036969
vdb-entryx_refsource_SECTRACK
http://seclists.org/fulldisclosure/2016/Oct/44
mailing-listx_refsource_FULLDISC
https://access.redhat.com/errata/RHSA-2017:0194
vendor-advisoryx_refsource_REDHAT

EPSS Score

34% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.