CVE-2007-6258

Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:mod_jk:2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:mod_jk:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:mod_jk:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:mod_jk:2.0.3_dev:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:f5:big-ip:9.2.3.30:*:*:*:*:*:*:*

History

21 Nov 2024, 00:39

Type Values Removed Values Added
References () http://securityreason.com/securityalert/3661 - Broken Link () http://securityreason.com/securityalert/3661 - Broken Link
References () http://www.ioactive.com/pdfs/mod_jk2.pdf - Third Party Advisory () http://www.ioactive.com/pdfs/mod_jk2.pdf - Third Party Advisory
References () http://www.ioactive.com/vulnerabilities/mod_jk2LegacyBufferOverflowAdvisory.pdf - Broken Link () http://www.ioactive.com/vulnerabilities/mod_jk2LegacyBufferOverflowAdvisory.pdf - Broken Link
References () http://www.kb.cert.org/vuls/id/771937 - Patch, Third Party Advisory, US Government Resource () http://www.kb.cert.org/vuls/id/771937 - Patch, Third Party Advisory, US Government Resource
References () http://www.securityfocus.com/archive/1/487983/100/100/threaded - Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/487983/100/100/threaded - Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/27752 - Patch, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/27752 - Patch, Third Party Advisory, VDB Entry
References () http://www.vupen.com/english/advisories/2008/0572 - URL Repurposed () http://www.vupen.com/english/advisories/2008/0572 - URL Repurposed
References () https://www.exploit-db.com/exploits/5330 - Third Party Advisory, VDB Entry () https://www.exploit-db.com/exploits/5330 - Third Party Advisory, VDB Entry
References () https://www.exploit-db.com/exploits/5386 - Third Party Advisory, VDB Entry () https://www.exploit-db.com/exploits/5386 - Third Party Advisory, VDB Entry

03 Feb 2022, 19:43

Type Values Removed Values Added
References (VUPEN) http://www.vupen.com/english/advisories/2008/0572 - (VUPEN) http://www.vupen.com/english/advisories/2008/0572 - URL Repurposed
References (CERT-VN) http://www.kb.cert.org/vuls/id/771937 - Patch, US Government Resource (CERT-VN) http://www.kb.cert.org/vuls/id/771937 - Patch, Third Party Advisory, US Government Resource
References (BID) http://www.securityfocus.com/bid/27752 - Patch (BID) http://www.securityfocus.com/bid/27752 - Patch, Third Party Advisory, VDB Entry
References (BUGTRAQ) http://www.securityfocus.com/archive/1/487983/100/100/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/487983/100/100/threaded - Third Party Advisory, VDB Entry
References (MISC) http://www.ioactive.com/pdfs/mod_jk2.pdf - (MISC) http://www.ioactive.com/pdfs/mod_jk2.pdf - Third Party Advisory
References (EXPLOIT-DB) https://www.exploit-db.com/exploits/5330 - (EXPLOIT-DB) https://www.exploit-db.com/exploits/5330 - Third Party Advisory, VDB Entry
References (EXPLOIT-DB) https://www.exploit-db.com/exploits/5386 - (EXPLOIT-DB) https://www.exploit-db.com/exploits/5386 - Third Party Advisory, VDB Entry
References (SREASON) http://securityreason.com/securityalert/3661 - (SREASON) http://securityreason.com/securityalert/3661 - Broken Link
References (MISC) http://www.ioactive.com/vulnerabilities/mod_jk2LegacyBufferOverflowAdvisory.pdf - (MISC) http://www.ioactive.com/vulnerabilities/mod_jk2LegacyBufferOverflowAdvisory.pdf - Broken Link
CPE cpe:2.3:a:apache_software_foundation:mod_jk:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache_software_foundation:mod_jk:2.0.3_dev:*:*:*:*:*:*:*
cpe:2.3:a:apache_software_foundation:mod_jk:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache_software_foundation:mod_jk:2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:mod_jk:2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:mod_jk:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:mod_jk:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:mod_jk:2.0.3_dev:*:*:*:*:*:*:*

Information

Published : 2008-02-19 00:00

Updated : 2024-11-21 00:39


NVD link : CVE-2007-6258

Mitre link : CVE-2007-6258

CVE.ORG link : CVE-2007-6258


JSON object : View

Products Affected

f5

  • big-ip

apache

  • mod_jk
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer