NVD

Id
52994  
Name
CVE-2007-0774  
Description
Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-07  
Published
2007-03-04  
Modified Date
2011-03-07  
Seq
2007-0774  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
267860 52994 CVE-2007-0774 SSRT071447  View
267861 52994 CVE-2007-0774 oval:org.mitre.oval:def:5513  View
267862 52994 CVE-2007-0774 1017719  View
267863 52994 CVE-2007-0774 http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html  View
267864 52994 CVE-2007-0774 http://tomcat.apache.org/security-jk.html  View
267865 52994 CVE-2007-0774 20080130 Cisco Wireless Control System Tomcat mod_jk.so Vulnerability  View
267866 52994 CVE-2007-0774 GLSA-200703-16  View
267867 52994 CVE-2007-0774 RHSA-2007:0096  View
267868 52994 CVE-2007-0774 20070302 ZDI-07-008: Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability  View
267869 52994 CVE-2007-0774 22791  View
267870 52994 CVE-2007-0774 ADV-2007-0809  View
267871 52994 CVE-2007-0774 ADV-2007-3386  View
267872 52994 CVE-2007-0774 ADV-2008-0331  View
267873 52994 CVE-2007-0774 http://www.zerodayinitiative.com/advisories/ZDI-07-008.html  View
267874 52994 CVE-2007-0774 tomcat-mapuritoworker-bo(32794)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
51523 JVNDB-2007-000185 Apache Tomcat JK Web Server Connector におけるスタックオーバーフローの脆弱性 Apache Tomcat JK Web Server Connector (JK) には、map_uri_to_worker() 関数において過度に長い URL の処理によりスタックオーバーフローが発生する脆弱性が存在します。なお、影響を受ける JK コネクタは Tomcat ソース版のバージョン 4.1.34 および 5.5.20 に含まれています。 CVE-2007-0774 24129 CVE-2007-0774 52994 7.5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000185.html 2007-03-04 2009-06-25 View