Check Point Advisories

Preemptive Protection against Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability

Check Point Reference: CPAI-2008-136
Date Published: 4 Aug 2008
Severity: High
Last Updated: Sunday 24 August, 2008
Source: Secunia Advisory: SA24398
Industry Reference: CVE-2007-0774
Protection Provided by:
Who is Vulnerable?
Apache Software Foundation Tomcat JK Web Server Connector 1.2.19
Apache Software Foundation Tomcat JK Web Server Connector 1.2.20
Vulnerability Description: A stack overflow vulnerability was reported in Apache Tomcat JK Web Server Connector. Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages technologies. A remote attacker may exploit this issue to execute arbitrary code on an affected system.
Update/Patch Available: Update to version 1.2.21:
Apache Tomcat
Vulnerability Details: The vulnerability is due to a boundary error in the Apache Tomcat URL handler that fails to properly process malformed HTTP requests. A remote attacker may trigger this issue by specially crafting an HTTP request with an overly long URL and sending it to an affected server. Successful exploitation of this vulnerability may allow the attacker to execute arbitrary code on the target system.
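
A triage sketch for the condition described above, added here as an example and not taken from Check Point or the Apache project: it flags access-log entries whose request URL is unusually long and checks a Server header for the two affected connector versions. The 2048-character threshold, the Common/Combined Log Format, the `mod_jk/x.y.z` Server-header token and the sample lines are assumptions made for illustration.

```python
import re

# Common/Combined Log Format: host ident user [time] "request" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*?)" (\d{3}) (\S+)')
AFFECTED = {(1, 2, 19), (1, 2, 20)}   # versions listed in the advisory
URL_LIMIT = 2048                      # assumed triage threshold, tune per site


def modjk_affected(server_header):
    """True if a Server header advertises an affected connector build."""
    m = re.search(r'\bmod_jk/(\d+)\.(\d+)\.(\d+)', server_header)
    return bool(m) and tuple(int(g) for g in m.groups()) in AFFECTED


def long_url_hits(lines, limit=URL_LIMIT):
    """Return (client, time, url_length, status) for oversized request URLs."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                  # unparseable line: skip, do not crash
        client, when, request, status, _ = m.groups()
        parts = request.split(" ")
        # A request line is "METHOD URL PROTOCOL"; a truncated or malformed
        # one may lack the protocol, so measure whatever follows the method.
        url = parts[1] if len(parts) >= 2 else request
        if len(url) > limit:
            hits.append((client, when, len(url), int(status)))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [04/Aug/2008:10:00:01 +0000] "GET /app/index.jsp HTTP/1.1" 200 512',
    '198.51.100.7 - - [04/Aug/2008:10:00:05 +0000] "GET /' + "x" * 5000 + ' HTTP/1.1" 500 0',
    '203.0.113.3 - - [04/Aug/2008:10:00:09 +0000] "-" 408 -',
    'not a log line',
]

if __name__ == "__main__":
    for hit in long_url_hits(SAMPLE):
        print("oversized URL:", hit)
    print("affected:", modjk_affected("Apache/2.2.8 (Unix) mod_jk/1.2.20"))
```

A hit is only a lead for review: legitimate applications can produce long query strings, and the Server header may omit module versions depending on server configuration.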

Protection Overview
