Vulnerabilities related to apache - mod_jk
Vulnerability from fkie_nvd
Published
2008-02-19 00:00
Modified
2024-11-21 00:39
Summary
Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:mod_jk:2.0:*:*:*:*:*:*:*", matchCriteriaId: "0CA42140-E4FD-433A-BAF3-A12CD558F912", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mod_jk:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "8D178D51-8C86-419D-BC71-76EADD61CBF8", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mod_jk:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9BBE7148-D24F-4D43-B766-5550D139BF75", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mod_jk:2.0.3_dev:*:*:*:*:*:*:*", matchCriteriaId: "758CE28D-573B-4791-8889-BBD2E7A088AA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip:9.2.3.30:*:*:*:*:*:*:*", matchCriteriaId: "ACF26DE2-D526-4845-A886-8199520A6A09", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.", }, { lang: "es", value: "Múltiples desbordamientos de búfer basados en pila en el módulo de Apache legacy mod_jk2 2.0.3-DEV y anteriores permiten a atacantes remotos ejecutar código de su elección a través de una (1) cabecera Host larga o (2) Hostname dentro de una cabecera Host larga.", }, ], id: "CVE-2007-6258", lastModified: "2024-11-21T00:39:43.290", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], 
}, published: "2008-02-19T00:00:00.000", references: [ { source: "cret@cert.org", tags: [ "Broken Link", ], url: "http://securityreason.com/securityalert/3661", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "http://www.ioactive.com/pdfs/mod_jk2.pdf", }, { source: "cret@cert.org", tags: [ "Broken Link", ], url: "http://www.ioactive.com/vulnerabilities/mod_jk2LegacyBufferOverflowAdvisory.pdf", }, { source: "cret@cert.org", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/771937", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/487983/100/100/threaded", }, { source: "cret@cert.org", tags: [ "Patch", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/27752", }, { source: "cret@cert.org", tags: [ "URL Repurposed", ], url: "http://www.vupen.com/english/advisories/2008/0572", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/5330", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/5386", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://securityreason.com/securityalert/3661", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ioactive.com/pdfs/mod_jk2.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.ioactive.com/vulnerabilities/mod_jk2LegacyBufferOverflowAdvisory.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/771937", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/487983/100/100/threaded", }, 
{ source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/27752", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "URL Repurposed", ], url: "http://www.vupen.com/english/advisories/2008/0572", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/5330", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/5386", }, ], sourceIdentifier: "cret@cert.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-04-09 15:08
Modified
2024-11-21 00:54
Summary
The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:mod_jk:1.2:*:*:*:*:*:*:*", matchCriteriaId: "CF778BDD-CBEF-4A0F-9B46-165BCEDEBBA6", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mod_jk:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "B3418B73-021F-4958-B884-F92DC5F0FF93", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mod_jk:1.2.6:*:*:*:*:*:*:*", matchCriteriaId: "8E6D83A7-12A2-4BA5-A259-EC5DCF589E84", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mod_jk:1.2.7:*:*:*:*:*:*:*", matchCriteriaId: "E1D16F5E-9F54-4F5B-A089-CFECC3FAB2D6", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mod_jk:1.2.8:*:*:*:*:*:*:*", matchCriteriaId: "8922BAB0-7FB2-4A79-8558-36462AA4F528", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mod_jk:1.2.9:*:*:*:*:*:*:*", matchCriteriaId: "21B04E76-C7A4-4133-BA84-5C59A0F45E24", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mod_jk:1.2.10:*:*:*:*:*:*:*", matchCriteriaId: "3526BA8B-04E4-47DC-ADCC-02E950030D66", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mod_jk:1.2.11:*:*:*:*:*:*:*", matchCriteriaId: "315CB756-45C2-43DE-BACE-4BE4CA78E107", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mod_jk:1.2.12:*:*:*:*:*:*:*", matchCriteriaId: "499B5633-D083-4388-85F3-9E7E7712A3BD", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mod_jk:1.2.13:*:*:*:*:*:*:*", matchCriteriaId: "0BAE09A0-888B-45E6-9C5E-F55207A27392", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mod_jk:1.2.14:*:*:*:*:*:*:*", matchCriteriaId: "3AC04E2E-7DC7-4D3D-A12F-470658A57826", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mod_jk:1.2.14.1:*:*:*:*:*:*:*", matchCriteriaId: "A8D9EF49-7321-4D08-BDA9-B0634B1E77DE", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mod_jk:1.2.15:*:*:*:*:*:*:*", matchCriteriaId: "45D306EB-B2CC-4023-8E8A-5CC00F1CBE6B", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mod_jk:1.2.16:*:*:*:*:*:*:*", matchCriteriaId: "1A2D18B9-BA70-4C55-ABD8-BD9366360BD5", vulnerable: true, }, { criteria: 
"cpe:2.3:a:apache:mod_jk:1.2.17:*:*:*:*:*:*:*", matchCriteriaId: "34047F15-3212-427B-AFF9-B5C25D5BEA9C", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mod_jk:1.2.18:*:*:*:*:*:*:*", matchCriteriaId: "450F6698-9F8F-408A-B677-C831A486F8FD", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mod_jk:1.2.19:*:*:*:*:*:*:*", matchCriteriaId: "8C4876EE-E0EC-4EE6-9A40-C510AF5F0E31", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mod_jk:1.2.20:*:*:*:*:*:*:*", matchCriteriaId: "007F4406-DCB9-4B16-8DCC-DCDD2423EA83", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mod_jk:1.2.21:*:*:*:*:*:*:*", matchCriteriaId: "C138C7C9-6A56-4D76-A6E4-B5574D80B0FE", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mod_jk:1.2.22:*:*:*:*:*:*:*", matchCriteriaId: "4F7F6CFB-3640-4FDF-B94E-A6454BC4DC01", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mod_jk:1.2.23:*:*:*:*:*:*:*", matchCriteriaId: "C83A551D-1918-4DD8-B69E-BEDD7F698858", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mod_jk:1.2.24:*:*:*:*:*:*:*", matchCriteriaId: "8E753585-53DD-438C-AD3F-E144C7CA07B5", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mod_jk:1.2.25:*:*:*:*:*:*:*", matchCriteriaId: "166C1F7C-9F96-44CD-830C-D39966770957", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mod_jk:1.2.26:*:*:*:*:*:*:*", matchCriteriaId: "2EFB1EBC-8835-4259-A116-403C71ED0829", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "914E1404-01A2-4F94-AA40-D5EA20F55AD3", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "81FB1106-B26D-45BE-A511-8E69131BBA52", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "401A213A-FED3-49C0-B823-2E02EA528905", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0BFE5AD8-DB14-4632-9D2A-F2013579CA7D", vulnerable: true, }, { criteria: 
"cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*", matchCriteriaId: "7641278D-3B8B-4CD2-B284-2047B65514A2", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*", matchCriteriaId: "BB7B9911-E836-4A96-A0E8-D13C957EC0EE", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:*", matchCriteriaId: "D2341C51-A239-4A4A-B0DC-30F18175442C", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "0E300013-0CE7-4313-A553-74A6A247B3E9", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*", matchCriteriaId: "E08D7414-8D0C-45D6-8E87-679DF0201D55", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*", matchCriteriaId: "AB15C5DB-0DBE-4DAD-ACBD-FAE23F768D01", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*", matchCriteriaId: "60CFD9CA-1878-4C74-A9BD-5D581736E6B6", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.3:beta:*:*:*:*:*:*", matchCriteriaId: "B7E52BE7-5281-4430-8846-E41CF34FC214", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.4:*:*:*:*:*:*:*", matchCriteriaId: "02860646-1D72-4D9A-AE2A-5868C8EDB3AA", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.5:*:*:*:*:*:*:*", matchCriteriaId: "5BE4B9B5-9C2E-47E1-9483-88A17264594F", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.6:*:*:*:*:*:*:*", matchCriteriaId: "5BE92A9B-4B8C-468E-9162-A56ED5313E17", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.7:*:*:*:*:*:*:*", matchCriteriaId: "AE21D455-5B38-4B07-8E25-4EE782501EB3", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.8:*:*:*:*:*:*:*", matchCriteriaId: "B9AE125C-EB8E-4D33-BB64-1E2AEE18BF81", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.9:*:*:*:*:*:*:*", matchCriteriaId: "47588ABB-FCE6-478D-BEAD-FC9A0C7D66DF", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.9:beta:*:*:*:*:*:*", matchCriteriaId: 
"CBDA8066-294D-431E-B026-C03707DFBCD5", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*", matchCriteriaId: "C92F3744-C8F9-4E29-BF1A-25E03A32F2C0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:*", matchCriteriaId: "084B3227-FE22-43E3-AE06-7BB257018690", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*", matchCriteriaId: "F7DDA1D1-1DB2-4FD6-90A6-7DDE2FDD73F4", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:*", matchCriteriaId: "D2BFF1D5-2E34-4A01-83A7-6AA3A112A1B2", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:*", matchCriteriaId: "6D536FF4-7582-4351-ABE3-876E20F8E7FE", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*", matchCriteriaId: "1C03E4C9-34E3-42F7-8B73-D3C595FD7EE1", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*", matchCriteriaId: "FB43F47F-5BF9-43A0-BF0E-451B4A8F7137", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*", matchCriteriaId: "DFFFE700-AAFE-4F5B-B0E2-C3DA76DE492D", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*", matchCriteriaId: "11DDD82E-5D83-4581-B2F3-F12655BBF817", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*", matchCriteriaId: "8A0F0C91-171E-421D-BE86-11567DEFC7BD", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*", matchCriteriaId: "F22D2621-D305-43CE-B00D-9A7563B061F7", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*", matchCriteriaId: "9A5D55E8-D3A3-4784-8AC6-CCB07E470AB2", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*", matchCriteriaId: "7F4245BA-B05C-49DE-B2E0-1E588209ED3B", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*", matchCriteriaId: "8633532B-9785-4259-8840-B08529E20DCC", vulnerable: true, }, { 
criteria: "cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*", matchCriteriaId: "B1D9BD7E-FCC2-404B-A057-1A10997DAFF9", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*", matchCriteriaId: "F935ED72-58F4-49C1-BD9F-5473E0B9D8CE", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*", matchCriteriaId: "FADB75DC-8713-4F0C-9F06-30DA6F6EF6B8", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*", matchCriteriaId: "2EA52901-2D16-4F7E-BF5E-780B42A55D6A", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*", matchCriteriaId: "6A79DA2C-35F3-47DE-909B-8D8D1AE111C8", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*", matchCriteriaId: "8BF6952D-6308-4029-8B63-0BD9C648C60F", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*", matchCriteriaId: "94941F86-0BBF-4F30-8F13-FB895A11ED69", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*", matchCriteriaId: "17522878-4266-432A-859D-C02096C8AC0E", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*", matchCriteriaId: "951FFCD7-EAC2-41E6-A53B-F90C540327E8", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*", matchCriteriaId: "BF1F2738-C7D6-4206-9227-43F464887FF5", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*", matchCriteriaId: "98EEB6F2-A721-45CF-A856-0E01B043C317", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.35:*:*:*:*:*:*:*", matchCriteriaId: "02FDE602-A56A-477E-B704-41AF92EEBB9D", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*", matchCriteriaId: "5A28B11A-3BC7-41BC-8970-EE075B029F5C", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "13D9B12F-F36A-424E-99BB-E00EF0FCA277", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.0.1:*:*:*:*:*:*:*", 
matchCriteriaId: "2A8FEEF0-8E57-43B1-8316-228B76E458D6", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "D82F3FAE-91AD-4F0B-A1F7-11C1A97C5ECB", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "A3B2802B-E56C-462A-9601-361A9166B5F1", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "190FB4FD-22A5-4771-8F99-1E260A36A474", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.0.5:*:*:*:*:*:*:*", matchCriteriaId: "4BD3785E-3A09-4BE4-96C7-619B8A7D5062", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.0.6:*:*:*:*:*:*:*", matchCriteriaId: "285F7969-09F6-48CC-89CE-928225A53CDB", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.0.7:*:*:*:*:*:*:*", matchCriteriaId: "3B9EDACC-0300-4DA7-B1CD-5F7A6029AF38", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.0.8:*:*:*:*:*:*:*", matchCriteriaId: "6B387EF0-94AD-4C8E-8CD4-4F5F706481BA", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.0.9:*:*:*:*:*:*:*", matchCriteriaId: "DA486065-18D5-4425-ADA5-284101919564", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.0.10:*:*:*:*:*:*:*", matchCriteriaId: "A0141E20-2E3D-4CD0-A757-D7CA98499CCE", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.0.11:*:*:*:*:*:*:*", matchCriteriaId: "9E62493D-FEAE-49E8-A293-CE18451D0264", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.0.12:*:*:*:*:*:*:*", matchCriteriaId: "FA01AB58-CAB2-420A-9899-EAB153DD898A", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.0.13:*:*:*:*:*:*:*", matchCriteriaId: "D731AFDD-9C33-4DC8-9BC6-06BB51048752", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.0.14:*:*:*:*:*:*:*", matchCriteriaId: "01706205-1369-4E5D-8936-723DA980CA9E", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.0.15:*:*:*:*:*:*:*", matchCriteriaId: "0DC4A52C-6FBC-420A-885A-F72BC1DBAEC1", vulnerable: true, 
}, { criteria: "cpe:2.3:a:apache:tomcat:5.0.16:*:*:*:*:*:*:*", matchCriteriaId: "3A1C882D-949B-40B9-BC9F-E7FCE4FE7C3D", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.0.17:*:*:*:*:*:*:*", matchCriteriaId: "9A1451D2-B905-4AD7-9BD7-10CF2A12BA34", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.0.18:*:*:*:*:*:*:*", matchCriteriaId: "C505696B-10E4-4B99-A598-40FA0DA39F7B", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:*", matchCriteriaId: "9EB2F3D8-25A1-408E-80D0-59D52A901284", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.0.21:*:*:*:*:*:*:*", matchCriteriaId: "C3904E9A-585A-4005-B2E9-13538535383D", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.0.22:*:*:*:*:*:*:*", matchCriteriaId: "AA1934BF-83E3-4B0B-A1DF-391A5332CE39", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.0.23:*:*:*:*:*:*:*", matchCriteriaId: "F06B9809-5BFA-4DB9-8753-1D8319713879", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.0.24:*:*:*:*:*:*:*", matchCriteriaId: "DF6631B0-9F2E-4C5F-AB21-F085A8C1559B", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.0.25:*:*:*:*:*:*:*", matchCriteriaId: "15625451-E56D-405F-BE9B-B3CB1A35E929", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.0.26:*:*:*:*:*:*:*", matchCriteriaId: "97ADBDC4-B669-467D-9A07-9A2DD8B68374", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.0.27:*:*:*:*:*:*:*", matchCriteriaId: "8DA876C8-4417-4C35-9FEC-278D45CE6E92", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.0.28:*:*:*:*:*:*:*", matchCriteriaId: "03C08A88-9377-4B32-8173-EE2D121B06D8", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.0.29:*:*:*:*:*:*:*", matchCriteriaId: "F7225A43-8EAE-4DA6-BBDC-4418D5444767", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.0.30:*:*:*:*:*:*:*", matchCriteriaId: "A46C0933-3B19-40EA-8DED-2BF25AB85C17", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", 
matchCriteriaId: "EB203AEC-2A94-48CA-A0E0-B5A8EBF028B5", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", matchCriteriaId: "6E98B82A-22E5-4E6C-90AE-56F5780EA147", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", matchCriteriaId: "34672E90-C220-436B-9143-480941227933", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", matchCriteriaId: "92883AFA-A02F-41A5-9977-ABEAC8AD2970", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", matchCriteriaId: "989A78F8-EE92-465F-8A8D-ECF0B58AFE7A", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", matchCriteriaId: "1F5B6627-B4A4-4E2D-B96C-CA37CCC8C804", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", matchCriteriaId: "ACFB09F3-32D1-479C-8C39-D7329D9A6623", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", matchCriteriaId: "D56581E2-9ECD-426A-96D8-A9D958900AD2", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", matchCriteriaId: "717F6995-5AF0-484C-90C0-A82F25FD2E32", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", matchCriteriaId: "5B0C01D5-773F-469C-9E69-170C2844AAA4", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", matchCriteriaId: "EB03FDFB-4DBF-4B70-BFA3-570D1DE67695", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", matchCriteriaId: "9F5CF79C-759B-4FF9-90EE-847264059E93", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", matchCriteriaId: "357651FD-392E-4775-BF20-37A23B3ABAE4", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", matchCriteriaId: "585B9476-6B86-4809-9B9E-26112114CB59", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", matchCriteriaId: "6145036D-4FCE-4EBE-A137-BDFA69BA54F8", vulnerable: true, 
}, { criteria: "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", matchCriteriaId: "E437055A-0A81-413F-AB08-0E9D0DC9EA30", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*", matchCriteriaId: "9276A093-9C98-4617-9941-2276995F5848", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*", matchCriteriaId: "97C9C36C-EF7E-4D42-9749-E2FF6CE35A2E", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*", matchCriteriaId: "C98575E2-E39A-4A8F-B5B5-BD280B8367BC", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*", matchCriteriaId: "5BDA08E7-A417-44E8-9C89-EB22BEEC3B9E", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*", matchCriteriaId: "DCD1B6BE-CF07-4DA8-A703-4A48506C8AD6", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*", matchCriteriaId: "5878E08E-2741-4798-94E9-BA8E07386B12", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*", matchCriteriaId: "69F6BAB7-C099-4345-A632-7287AEA555B2", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*", matchCriteriaId: "F3AAF031-D16B-4D51-9581-2D1376A5157B", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*", matchCriteriaId: "51120689-F5C0-4DF1-91AA-314C40A46C58", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*", matchCriteriaId: "F67477AB-85F6-421C-9C0B-C8EFB1B200CF", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*", matchCriteriaId: "16D0C265-2ED9-42CF-A7D6-C7FAE4246A1B", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*", matchCriteriaId: "5D70CFD9-B55D-4A29-B94C-D33F3E881A8F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain 
sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.", }, { lang: "es", value: "El conector JK (tambien conocido como mod_jk) v1.2.0 hasta la v1.2.26 en Apache Tomcat permite a atacantes remotos obtener información sensible a través de una petición arbitraria desde un cliente HTTP, en circunstancias oportunas implicando (1) una petición desde distintos clientes que incluyan una cabecera con el campo longitud de contenido, pero sin datos en POST, o (2) una serie de peticiones rápidas, relativo a la no conformidad con los requerimientos del protocolo AJP para peticiones que contengan cabeceras con el campo longitud del contenido.\r\n", }, ], id: "CVE-2008-5519", lastModified: "2024-11-21T00:54:14.650", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-04-09T15:08:35.500", references: [ { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html", }, { source: "secalert@redhat.com", url: "http://mail-archives.apache.org/mod_mbox/www-announce/200904.mbox/%3C49DBBAC0.2080400%40apache.org%3E", }, { source: "secalert@redhat.com", url: "http://marc.info/?l=tomcat-dev&m=123913700700879", }, { source: "secalert@redhat.com", url: 
"http://secunia.com/advisories/29283", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/34621", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/35537", }, { source: "secalert@redhat.com", url: "http://securitytracker.com/id?1022001", }, { source: "secalert@redhat.com", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262468-1", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/jk_ajp_common.c?r1=702387&r2=702540&pathrev=702540&diff_format=h", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Vendor Advisory", ], url: "http://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml?view=markup&pathrev=702540", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://svn.eu.apache.org/viewvc?view=rev&revision=702540", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://tomcat.apache.org/security-jk.html", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2009/dsa-1810", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2009/04/08/10", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2009-0446.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/archive/1/502530/100/0/threaded", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/34412", }, { source: "secalert@redhat.com", url: "http://www.vupen.com/english/advisories/2009/0973", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=490201", }, { source: "secalert@redhat.com", url: 
"https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://mail-archives.apache.org/mod_mbox/www-announce/200904.mbox/%3C49DBBAC0.2080400%40apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=tomcat-dev&m=123913700700879", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/29283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/34621", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/35537", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1022001", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262468-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor 
Advisory", ], url: "http://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/jk_ajp_common.c?r1=702387&r2=702540&pathrev=702540&diff_format=h", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "http://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml?view=markup&pathrev=702540", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://svn.eu.apache.org/viewvc?view=rev&revision=702540", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://tomcat.apache.org/security-jk.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2009/dsa-1810", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2009/04/08/10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2009-0446.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/502530/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/34412", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2009/0973", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=490201", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2007-6258
Vulnerability from cvelistv5
Published
2008-02-18 23:00
Modified
2024-08-07 16:02
Summary
Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
References
URL | Tags
---|---
http://www.securityfocus.com/archive/1/487983/100/100/threaded | mailing-list, x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2008/0572 | vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/27752 | vdb-entry, x_refsource_BID
http://www.ioactive.com/pdfs/mod_jk2.pdf | x_refsource_MISC
https://www.exploit-db.com/exploits/5330 | exploit, x_refsource_EXPLOIT-DB
http://securityreason.com/securityalert/3661 | third-party-advisory, x_refsource_SREASON
http://www.kb.cert.org/vuls/id/771937 | third-party-advisory, x_refsource_CERT-VN
http://www.ioactive.com/vulnerabilities/mod_jk2LegacyBufferOverflowAdvisory.pdf | x_refsource_MISC
https://www.exploit-db.com/exploits/5386 | exploit, x_refsource_EXPLOIT-DB
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T16:02:35.551Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20080212 IOActive Security Advisory: Legacy mod_jk2 Buffer Overflow", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/487983/100/100/threaded", }, { name: "ADV-2008-0572", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/0572", }, { name: "27752", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/27752", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.ioactive.com/pdfs/mod_jk2.pdf", }, { name: "5330", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/5330", }, { name: "3661", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/3661", }, { name: "VU#771937", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/771937", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.ioactive.com/vulnerabilities/mod_jk2LegacyBufferOverflowAdvisory.pdf", }, { name: "5386", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/5386", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-02-12T00:00:00", descriptions: [ { lang: "en", value: "Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], 
}, ], providerMetadata: { dateUpdated: "2018-10-15T20:57:01", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { name: "20080212 IOActive Security Advisory: Legacy mod_jk2 Buffer Overflow", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/487983/100/100/threaded", }, { name: "ADV-2008-0572", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/0572", }, { name: "27752", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/27752", }, { tags: [ "x_refsource_MISC", ], url: "http://www.ioactive.com/pdfs/mod_jk2.pdf", }, { name: "5330", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/5330", }, { name: "3661", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/3661", }, { name: "VU#771937", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/771937", }, { tags: [ "x_refsource_MISC", ], url: "http://www.ioactive.com/vulnerabilities/mod_jk2LegacyBufferOverflowAdvisory.pdf", }, { name: "5386", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/5386", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cert@cert.org", ID: "CVE-2007-6258", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", 
value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20080212 IOActive Security Advisory: Legacy mod_jk2 Buffer Overflow", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/487983/100/100/threaded", }, { name: "ADV-2008-0572", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/0572", }, { name: "27752", refsource: "BID", url: "http://www.securityfocus.com/bid/27752", }, { name: "http://www.ioactive.com/pdfs/mod_jk2.pdf", refsource: "MISC", url: "http://www.ioactive.com/pdfs/mod_jk2.pdf", }, { name: "5330", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/5330", }, { name: "3661", refsource: "SREASON", url: "http://securityreason.com/securityalert/3661", }, { name: "VU#771937", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/771937", }, { name: "http://www.ioactive.com/vulnerabilities/mod_jk2LegacyBufferOverflowAdvisory.pdf", refsource: "MISC", url: "http://www.ioactive.com/vulnerabilities/mod_jk2LegacyBufferOverflowAdvisory.pdf", }, { name: "5386", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/5386", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2007-6258", datePublished: "2008-02-18T23:00:00", dateReserved: "2007-12-05T00:00:00", dateUpdated: "2024-08-07T16:02:35.551Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-5519
Vulnerability from cvelistv5
Published
2009-04-09 15:00
Modified
2024-08-07 10:56
Summary
The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T10:56:46.621Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ADV-2009-0973", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/0973", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html", }, { name: "34621", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/34621", }, { name: "SUSE-SR:2009:018", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html", }, { name: "1022001", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1022001", }, { name: "34412", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/34412", }, { name: "[oss-security] 20090408 CVE-2008-5519: mod_jk session information leak vulnerability", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2009/04/08/10", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/jk_ajp_common.c?r1=702387&r2=702540&pathrev=702540&diff_format=h", }, { name: "RHSA-2009:0446", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2009-0446.html", }, { name: "[www-announce] 20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://mail-archives.apache.org/mod_mbox/www-announce/200904.mbox/%3C49DBBAC0.2080400%40apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: 
"http://svn.eu.apache.org/viewvc?view=rev&revision=702540", }, { name: "[tomcat-dev] 20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://marc.info/?l=tomcat-dev&m=123913700700879", }, { name: "20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/502530/100/0/threaded", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=490201", }, { name: "29283", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29283", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://tomcat.apache.org/security-jk.html", }, { name: "35537", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/35537", }, { name: "DSA-1810", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2009/dsa-1810", }, { name: "262468", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262468-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml?view=markup&pathrev=702540", }, { name: "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", tags: [ "mailing-list", 
"x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-04-07T00:00:00", descriptions: [ { lang: "en", value: "The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements 
for requests containing Content-Length headers.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-02-13T16:10:22", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "ADV-2009-0973", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/0973", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html", }, { name: "34621", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/34621", }, { name: "SUSE-SR:2009:018", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html", }, { name: "1022001", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1022001", }, { name: "34412", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/34412", }, { name: "[oss-security] 20090408 CVE-2008-5519: mod_jk session information leak vulnerability", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2009/04/08/10", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/jk_ajp_common.c?r1=702387&r2=702540&pathrev=702540&diff_format=h", }, { name: "RHSA-2009:0446", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2009-0446.html", }, { name: "[www-announce] 20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://mail-archives.apache.org/mod_mbox/www-announce/200904.mbox/%3C49DBBAC0.2080400%40apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.eu.apache.org/viewvc?view=rev&revision=702540", }, { name: "[tomcat-dev] 
20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://marc.info/?l=tomcat-dev&m=123913700700879", }, { name: "20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/502530/100/0/threaded", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=490201", }, { name: "29283", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29283", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://tomcat.apache.org/security-jk.html", }, { name: "35537", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/35537", }, { name: "DSA-1810", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2009/dsa-1810", }, { name: "262468", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262468-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml?view=markup&pathrev=702540", }, { name: "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", 
tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2008-5519", datePublished: "2009-04-09T15:00:00", dateReserved: "2008-12-12T00:00:00", dateUpdated: "2024-08-07T10:56:46.621Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }