This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200703-16
(Apache JK Tomcat Connector: Remote execution of arbitrary code)
ZDI reported an unsafe memory copy in mod_jk that was discovered by an
anonymous researcher in the map_uri_to_worker function of
A remote attacker can send a long URL request to an Apache server using
Tomcat. That can trigger the vulnerability and lead to a stack-based
buffer overflow, which could result in the execution of arbitrary code
with the permissions of the Apache user.
There is no known workaround at this time.
See also :
All Apache Tomcat users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-apache/mod_jk-1.2.21-r1'
Risk factor :
High / CVSS Base Score : 7.5
Public Exploit Available : true
Family: Gentoo Local Security Checks
Nessus Plugin ID: 24841 (gentoo_GLSA-200703-16.nasl)
CVE ID: CVE-2007-0774