CVE-2007-0774
DEB · High · Confirmed · Exploit available

CVSS: 7.5 (High)
EPSS: 0.82 (p99)
Published: 2007-01-01
Updated: 2007-01-01
Description

Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.

Affected products
Tomcat_jk_web_server_connector
CVSS vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
Timeline
Published: 2007-01-01
Updated: 2007-01-01
CVSS 3.1 breakdown
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Authentication (Au): None (N)
Confidentiality Impact (C): Partial (P)
Integrity Impact (I): Partial (P)
Availability Impact (A): Partial (P)
Exploit indicators
EPSS: 0.815 · p99
Known exploited (KEV): No
Known exploits (Scaner-VS)
16798 · exploitdb · https://www.exploit-db.com/exploits/16798 · Enterprise
4162 · exploitdb · https://www.exploit-db.com/exploits/4162 · Enterprise
Affected products
Product | Vendor | Status
libapache-mod-jk | | Tracked
libapache-mod-jk | | Tracked
libapache-mod-jk | | Tracked
mod_jk | | Tracked
mod_jk | | Tracked
tomcat5.5 | | Tracked
tomcat_jk_web_server_connector* | | Tracked
Source databases
DEB, CVE, RED, UBU