Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| tomcat-mapuritoworker-bo (32794) |  High Risk |
Description:
Apache Tomcat JK Web Server Connector is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the map_uri_to_worker() function in the mod_jk.so library. By sending an overly long URL request, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.
Platforms Affected:
- Apache, Tomcat 4.1.34
- Apache, Tomcat 5.5.20
- Apache, Tomcat JK Web Server Connector 1.2.19
- Apache, Tomcat JK Web Server Connector 1.2.20
- Gentoo, Linux
- HP, HP-UX B.11.11
- HP, HP-UX B.11.23
- HP, HP-UX B.11.31
- RedHat, Application Stack v1 for EL AS 4
- RedHat, Application Stack v1 for EL ES 4
- RedHat, RHEL Application Server 2
Remedy:
Upgrade to the latest version of Apache Tomcat JK Web Server Connector (1.2.21 or later), available from the Apache Tomcat Web site. See References.
For Gentoo Linux:
Refer to Gentoo Linux Security Announcement GLSA 200703-16 for patch, upgrade, or suggested workaround information. See References.
For other distributions:
Contact your vendor for upgrade or patch information.
Consequences:
Gain Access
References:
- Apache Tomcat Web site, Tomcat Connectors (mod_jk) Downloads at http://tomcat.apache.org/download-connectors.cgi.
- cisco-sa-20080130-wcs, Cisco Security Advisory: Cisco Wireless Control System Tomcat mod_jk.so Vulnerability at http://www.cisco.com/warp/public/707/cisco-sa-20080130-wcs.shtml.
- HPSBUX02262 SSRT071447, HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS) at http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795.
- The Apache Tomcat Connect Changelog, Changes between 1.2.20 and 1.2.21 at http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html.
- ZDI-07-008, Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability at http://www.zerodayinitiative.com/advisories/ZDI-07-008.html.
- ASA-2007-094: mod_jk security update (RHSA-2007-0096)
- ASA-2007-416: HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS) (HPSBUX02262)
- BID-22791: Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
- CVE-2007-0774: Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
- FrSIRT/ADV-2007-0809: Apache Tomcat Connector mod_jk Library URL Handling Buffer Overflow Vulnerability
- FrSIRT/ADV-2007-3386: HP-UX Apache Code Execution and Cross Site Scripting Vulnerabilities
- FrSIRT/ADV-2008-0331: Cisco Wireless Control System Tomcat mod_jk.so Buffer Overflow
- GLSA-200703-16: Apache JK Tomcat Connector: Remote execution of arbitrary code
- RHSA-2007-0096: Critical: mod_jk security update
- RHSA-2007-0164: Critical: mod_jk security update
- SA24398: Apache Tomcat JK Web Server Connector Long URL Buffer Overflow
- SA28711: Cisco Wireless Control System Apache Tomcat JK Web Server Connector Buffer Overflow
- SECTRACK ID: 1017719: Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
Reported:
Mar 02, 2007
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net