FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-0774

This CVE name corresponds to:

Entered     Topic
2007-03-05  mod_jk -- long URL stack overflow vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2007-0774
Phase  Assigned (20070206)

Description

Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.

References

Source    Reference
BUGTRAQ   20070302 ZDI-07-008: Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability
MISC      http://www.zerodayinitiative.com/advisories/ZDI-07-008.html
CONFIRM   http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html
CONFIRM   http://tomcat.apache.org/security-jk.html
CISCO     20080130 Cisco Wireless Control System Tomcat mod_jk.so Vulnerability
GENTOO    GLSA-200703-16
HP        HPSBUX02262
HP        SSRT071447
REDHAT    RHSA-2007:0096
BID       22791
OVAL      oval:org.mitre.oval:def:5513
VUPEN     ADV-2007-0809
VUPEN     ADV-2007-3386
VUPEN     ADV-2008-0331
SECTRACK  1017719
SECUNIA   24398
SECUNIA   24558
SECUNIA   27037
SECUNIA   28711
XF        tomcat-mapuritoworker-bo(32794)