Upstream information
Description
Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
National Vulnerability Database | |
---|---|
Base Score | 7.5 |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Access Vector | Network |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | Partial |
Availability Impact | Partial |
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Linux Enterprise Server 11 SP2 |
| Patchnames: SUSE Linux Enterprise Server 11 SP2 GA apache2-mod_jk-1.2.26-1.30.110 |
SUSE Linux Enterprise Server 11 SP3 |
| Patchnames: SUSE Linux Enterprise Server 11 SP3 GA apache2-mod_jk-1.2.26-1.30.110 |
SUSE Linux Enterprise Server 11 SP4 |
| Patchnames: SUSE Linux Enterprise Server 11 SP4 GA apache2-mod_jk-1.2.40-0.2.1 |
SUSE Linux Enterprise Server 12 |
| Patchnames: SUSE Linux Enterprise Server 12 GA apache2-mod_jk-1.2.40-1.17 |
openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2024-10625 |
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 02:11:14 2013CVE page last modified: Sat Jun 15 20:48:49 2024