Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2007-0774

Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.

Related bugs and status

CVE-2007-0774 (Candidate) is related to these bugs:

Bug #90967: CVE-2007-0774: overflow in URI handler

Summary				In	Importance	Status
	90967	CVE-2007-0774: overflow in URI handler		tomcat5.5 (Ubuntu)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.zerodayinit...
MISC: http://securitytracker...
MISC: http://www.securityfoc...
MISC: http://www.cisco.com/e...
MISC: http://www.securityfoc...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://www.vupen.com/e...
MISC: http://www.vupen.com/e...
MISC: http://www.vupen.com/e...
MISC: http://www.gentoo.org/...
MISC: http://h20000.www2.hp....
MISC: http://www.redhat.com/...
MISC: https://lists.apache.o...
MISC: https://lists.apache.o...
MISC: https://lists.apache.o...
MISC: https://lists.apache.o...
MISC: https://lists.apache.o...
MISC: https://lists.apache.o...
MISC: http://tomcat.apache.o...
MISC: http://tomcat.apache.o...
MISC: https://oval.cisecurit...
MISC: https://exchange.xforc...