ID |
CVE-2007-0774
|
Summary |
Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 7.5 (as of 13-02-2023 - 02:17) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
oval
via4
|
accepted | 2015-04-20T04:02:25.877-04:00 | class | vulnerability | contributors | name | Michael Wood | organization | Hewlett-Packard |
name | Sushant Kumar Singh | organization | Hewlett-Packard |
name | Sushant Kumar Singh | organization | Hewlett-Packard |
name | Prashant Kumar | organization | Hewlett-Packard |
name | Mike Cokus | organization | The MITRE Corporation |
| description | Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine. | family | unix | id | oval:org.mitre.oval:def:5513 | status | accepted | submitted | 2008-10-30T17:10:24.000-04:00 | title | HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS) | version | 45 |
|
redhat
via4
|
advisories | | rpms | - mod_jk-ap20-0:1.2.20-1.el4s1.2
- mod_jk-debuginfo-0:1.2.20-1.el4s1.2
- mod_jk-manual-0:1.2.20-1.el4s1.2
- mod_jk-ap20-0:1.2.20-1jpp_1rh
- mod_jk-debuginfo-0:1.2.20-1jpp_1rh
- mod_jk-manual-0:1.2.20-1jpp_1rh
|
|
refmap
via4
|
bid | 22791 | bugtraq | 20070302 ZDI-07-008: Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability | cisco | 20080130 Cisco Wireless Control System Tomcat mod_jk.so Vulnerability | confirm | | gentoo | GLSA-200703-16 | hp | | misc | http://www.zerodayinitiative.com/advisories/ZDI-07-008.html | mlist | - [tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
- [tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
- [tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/
- [tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
- [tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/
- [tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/
| sectrack | 1017719 | secunia | | vupen | - ADV-2007-0809
- ADV-2007-3386
- ADV-2008-0331
| xf | tomcat-mapuritoworker-bo(32794) |
|
saint
via4
|
bid | 22791 | description | Apache Tomcat JK Web Server Connector URI worker map buffer overflow | id | web_mod_jkver | osvdb | 33855 | title | tomcat_jk_connector_worker_map | type | remote |
|
Last major update |
13-02-2023 - 02:17 |
Published |
04-03-2007 - 22:19 |
Last modified |
13-02-2023 - 02:17 |