ID CVE-2007-0774
Summary Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
References
Vulnerable Configurations
  • Apache Software Foundation Tomcat JK Web Server Connector 1.2.19
    cpe:2.3:a:apache:tomcat_jk_web_server_connector:1.2.19
  • Apache Software Foundation Tomcat JK Web Server Connector 1.2.20
    cpe:2.3:a:apache:tomcat_jk_web_server_connector:1.2.20
CVSS
Base: 7.5 (as of 07-03-2007 - 12:54)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
description Apache mod_jk 1.2.20 Buffer Overflow. CVE-2007-0774. Remote exploit for windows platform
id EDB-ID:16798
last seen 2016-02-02
modified 2010-07-25
published 2010-07-25
reporter metasploit
source https://www.exploit-db.com/download/16798/
title Apache mod_jk 1.2.20 - Buffer Overflow
metasploit via4
description This is a stack buffer overflow exploit for mod_jk 1.2.20. Should work on any Win32 OS.
id MSF:EXPLOIT/WINDOWS/HTTP/APACHE_MODJK_OVERFLOW
last seen 2019-03-24
modified 2017-07-24
published 2007-05-22
reliability Great
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/apache_modjk_overflow.rb
title Apache mod_jk 1.2.20 Buffer Overflow
nessus via4
  • NASL family CGI abuses
    NASL id MOD_JK_LONG_URL_OVERFLOW.NASL
    description According to its banner, the version of the Apache mod_jk module in use on the remote web server contains a buffer overflow vulnerability. An unauthenticated, remote attacker may be able to exploit this flaw by sending a long URL request to crash the affected service or execute arbitrary code on the remote host, subject to the privileges of the web server user id.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 24813
    published 2007-03-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24813
    title Apache mod_jk Long URL Worker Map Stack Remote Overflow
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_CF86C644CB6C11DB8E9D000C6EC775D9.NASL
    description TippingPoint and The Zero Day Initiative reports : This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache Tomcat JK Web Server Connector. Authentication is not required to exploit this vulnerability. The specific flaw exists in the URI handler for the mod_jk.so library, map_uri_to_worker(), defined in native/common/jk_uri_worker_map.c. When parsing a long URL request, the URI worker map routine performs an unsafe memory copy. This results in a stack overflow condition which can be leveraged to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 24770
    published 2007-03-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24770
    title FreeBSD : mod_jk -- long URL stack overflow vulnerability (cf86c644-cb6c-11db-8e9d-000c6ec775d9)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200703-16.NASL
    description The remote host is affected by the vulnerability described in GLSA-200703-16 (Apache JK Tomcat Connector: Remote execution of arbitrary code) ZDI reported an unsafe memory copy in mod_jk that was discovered by an anonymous researcher in the map_uri_to_worker function of native/common/jk_uri_worker_map.c . Impact : A remote attacker can send a long URL request to an Apache server using Tomcat. That can trigger the vulnerability and lead to a stack-based buffer overflow, which could result in the execution of arbitrary code with the permissions of the Apache user. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 24841
    published 2007-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24841
    title GLSA-200703-16 : Apache JK Tomcat Connector: Remote execution of arbitrary code
oval via4
accepted 2015-04-20T04:02:25.877-04:00
class vulnerability
contributors
  • name Michael Wood
    organization Hewlett-Packard
  • name Sushant Kumar Singh
    organization Hewlett-Packard
  • name Sushant Kumar Singh
    organization Hewlett-Packard
  • name Prashant Kumar
    organization Hewlett-Packard
  • name Mike Cokus
    organization The MITRE Corporation
description Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
family unix
id oval:org.mitre.oval:def:5513
status accepted
submitted 2008-10-30T17:10:24.000-04:00
title HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)
version 41
packetstorm via4
data source https://packetstormsecurity.com/files/download/57551/apache_modjk_overflow.rb.txt
id PACKETSTORM:57551
last seen 2016-12-05
published 2007-07-10
reporter Nicob
source https://packetstormsecurity.com/files/57551/apache_modjk_overflow.rb.txt.html
title apache_modjk_overflow.rb.txt
redhat via4
advisories
rhsa
id RHSA-2007:0096
refmap via4
bid 22791
bugtraq 20070302 ZDI-07-008: Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability
cisco 20080130 Cisco Wireless Control System Tomcat mod_jk.so Vulnerability
confirm
gentoo GLSA-200703-16
hp
  • HPSBUX02262
  • SSRT071447
misc http://www.zerodayinitiative.com/advisories/ZDI-07-008.html
mlist [tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
sectrack 1017719
secunia
  • 24398
  • 24558
  • 27037
  • 28711
vupen
  • ADV-2007-0809
  • ADV-2007-3386
  • ADV-2008-0331
xf tomcat-mapuritoworker-bo(32794)
saint via4
bid 22791
description Apache Tomcat JK Web Server Connector URI worker map buffer overflow
id web_mod_jkver
osvdb 33855
title tomcat_jk_connector_worker_map
type remote
Last major update 07-03-2011 - 21:50
Published 04-03-2007 - 17:19
Last modified 21-03-2019 - 11:38
Back to Top