SB2007031601 - Gentoo update for Apache JK Tomcat Connector




Published: March 16, 2007

Security Bulletin ID SB2007031601
Severity High
Patch available YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Arbitrary code execution (CVE-ID: CVE-2007-0774)

The vulnerability allows a remote unauthenticated user to cause arbitrary code execution or DoS conditions on the target system.
The weakness is a stack overflow caused by an unsafe memory copy in the URI handler of the native JK connector. It allows attackers to execute arbitrary code or crash the web server.
Successful exploitation of the vulnerability may result in arbitrary code execution or

Remediation

Install the update from the vendor's website.