Detections
Analytics

Apache mod_jk Long URL Worker Map Stack Remote Overflow

high Nessus Plugin ID 24813

Language:

Synopsis

The remote web server includes a module that is affected by an overflow vulnerability.

Description

According to its banner, the version of the Apache mod_jk module in use on the remote web server contains a buffer overflow vulnerability.
An unauthenticated, remote attacker may be able to exploit this flaw by sending a long URL request to crash the affected service or execute arbitrary code on the remote host, subject to the privileges of the web server user id.

Solution

Upgrade to Apache Tomcat Connector 1.2.21 or later.

See Also

http://www.zerodayinitiative.com/advisories/ZDI-07-008.html

https://www.securityfocus.com/archive/1/461734/30/0/threaded

http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html

Plugin Details

Severity: High

ID: 24813

File Name: mod_jk_long_url_overflow.nasl

Version: 1.19

Type: remote

Family: CGI abuses

Published: 3/15/2007

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/2/2007

Vulnerability Publication Date: 3/2/2007

Exploitable With

CANVAS (D2ExploitPack)

Core Impact

Metasploit (Apache mod_jk 1.2.20 Buffer Overflow)

Reference Information

CVE: CVE-2007-0774

BID: 22791