Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
References
Configurations
History
21 Nov 2024, 00:39
Type | Values Removed | Values Added |
---|---|---|
References | () http://securityreason.com/securityalert/3661 - Broken Link | |
References | () http://www.ioactive.com/pdfs/mod_jk2.pdf - Third Party Advisory | |
References | () http://www.ioactive.com/vulnerabilities/mod_jk2LegacyBufferOverflowAdvisory.pdf - Broken Link | |
References | () http://www.kb.cert.org/vuls/id/771937 - Patch, Third Party Advisory, US Government Resource | |
References | () http://www.securityfocus.com/archive/1/487983/100/100/threaded - Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/27752 - Patch, Third Party Advisory, VDB Entry | |
References | () http://www.vupen.com/english/advisories/2008/0572 - URL Repurposed | |
References | () https://www.exploit-db.com/exploits/5330 - Third Party Advisory, VDB Entry | |
References | () https://www.exploit-db.com/exploits/5386 - Third Party Advisory, VDB Entry |
03 Feb 2022, 19:43
Type | Values Removed | Values Added |
---|---|---|
References | (VUPEN) http://www.vupen.com/english/advisories/2008/0572 - URL Repurposed | |
References | (CERT-VN) http://www.kb.cert.org/vuls/id/771937 - Patch, Third Party Advisory, US Government Resource | |
References | (BID) http://www.securityfocus.com/bid/27752 - Patch, Third Party Advisory, VDB Entry | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/487983/100/100/threaded - Third Party Advisory, VDB Entry | |
References | (MISC) http://www.ioactive.com/pdfs/mod_jk2.pdf - Third Party Advisory | |
References | (EXPLOIT-DB) https://www.exploit-db.com/exploits/5330 - Third Party Advisory, VDB Entry | |
References | (EXPLOIT-DB) https://www.exploit-db.com/exploits/5386 - Third Party Advisory, VDB Entry | |
References | (SREASON) http://securityreason.com/securityalert/3661 - Broken Link | |
References | (MISC) http://www.ioactive.com/vulnerabilities/mod_jk2LegacyBufferOverflowAdvisory.pdf - Broken Link | |
CPE | cpe:2.3:a:apache_software_foundation:mod_jk:2.0.3_dev:*:*:*:*:*:*:* cpe:2.3:a:apache_software_foundation:mod_jk:2.0.2:*:*:*:*:*:*:* cpe:2.3:a:apache_software_foundation:mod_jk:2.0:*:*:*:*:*:*:* |
cpe:2.3:a:apache:mod_jk:2.0:*:*:*:*:*:*:* cpe:2.3:a:apache:mod_jk:2.0.1:*:*:*:*:*:*:* cpe:2.3:a:apache:mod_jk:2.0.2:*:*:*:*:*:*:* cpe:2.3:a:apache:mod_jk:2.0.3_dev:*:*:*:*:*:*:* |
Information
Published : 2008-02-19 00:00
Updated : 2024-11-21 00:39
NVD link : CVE-2007-6258
Mitre link : CVE-2007-6258
CVE.ORG link : CVE-2007-6258
JSON object : View
Products Affected
f5
- big-ip
apache
- mod_jk
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer