VID 22439
Severity 40
Port 80, ...
Protocol TCP
Class WWW
Detailed Description The Apache web server, according to its banner, has a buffer overflow vulnerability in the Apache mod_jk module. Apache Tomcat JK Web Server Connector versions prior to 1.2.21, as used in Tomcat 4.1.34 and 5.5.20, are vulnerable to a stack-based buffer overflow caused by improper bounds checking in the map_uri_to_worker() function in the mod_jk.so library. By sending an overly long URL request that triggers the overflow in a URI worker map routine, a remote attacker could execute arbitrary code on the system or cause the affected server to crash.

* Note: This check relies solely on the banner of the remote HTTP server to assess this vulnerability, so the result might be a false positive.
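
The banner-only assessment described in the note can be sketched as follows; this is an added example, not the scanner's own check code. The `mod_jk/x.y.z` Server token format, the verdict names and the sample banners are assumptions constructed for illustration.

```python
import re

# Fixed release named in this entry; any advertised version below it is flagged.
FIXED = (1, 2, 21)

# Assumption: mod_jk advertises itself in the Server header as "mod_jk/x.y.z".
MOD_JK_TOKEN = re.compile(r"\bmod_jk/(\d+(?:\.\d+)*)", re.IGNORECASE)


def parse_version(text):
    """Turn '1.2.20' into (1, 2, 20), padding short versions with zeros."""
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))


def assess_banner(server_header):
    """Return (verdict, version) for one Server header value.

    'flagged'     - banner advertises a mod_jk older than FIXED; this is a
                    lead only and must be confirmed against the installed
                    package, because the banner may not reflect its patch state.
    'not-flagged' - banner advertises FIXED or later.
    'unknown'     - no mod_jk token; the module may be absent or the banner
                    may be trimmed, so the banner proves nothing either way.
    """
    match = MOD_JK_TOKEN.search(server_header or "")
    if match is None:
        return ("unknown", None)
    version = parse_version(match.group(1))
    if version < FIXED:
        return ("flagged", version)
    return ("not-flagged", version)


# Constructed sample banners, not taken from real hosts.
SAMPLE_BANNERS = [
    "Apache/2.0.59 (Unix) mod_jk/1.2.20",
    "Apache/2.2.4 (Unix) mod_jk/1.2.21",
    "Apache",
]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        verdict, version = assess_banner(banner)
        print(f"{banner!r}: {verdict} {version}")
```

A `flagged` or `unknown` result should be followed by checking the installed mod_jk package version on the host itself.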

* References:
http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html
http://tomcat.apache.org/security-jk.html
http://www.zerodayinitiative.com/advisories/ZDI-07-008.html
http://www.securityfocus.com/archive/1/461734/30/0/threaded
http://www.frsirt.com/english/advisories/2007/0809
http://securitytracker.com/id?1017719
http://secunia.com/advisories/24558
http://secunia.com/advisories/24398

* Platforms Affected:
Apache Software Foundation, Tomcat Connector versions prior to 1.2.21
Any operating system, any version
Recommendation Upgrade to the latest version of Apache Tomcat JK Web Server Connector (1.2.21 or later), available from the Apache Tomcat Web site at http://tomcat.apache.org/download-connectors.cgi

For Red Hat Linux:
Upgrade to an updated mod_jk package version, as listed in Red Hat Security Advisory RHSA-2007:0096-2 at http://www.redhat.com/support/errata/RHSA-2007-0096.html

For Gentoo Linux:
Upgrade to the fixed version of Squid, as listed in Gentoo Linux Security Announcement GLSA 200703-16 at http://www.gentoo.org/security/en/glsa/glsa-200703-16.xml
Related URL CVE-2007-0774 (CVE)
Related URL 22791 (SecurityFocus)
Related URL 32794 (ISS)