Description
Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42.
It was found that the length checks prior to writing to the target buffer for creating a virtual host mapping rule did not take account of the length of the virtual host name, creating the potential for a buffer overflow.
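The flaw described above, reduced to a sketch. This is an added example, not code from mod_jk or from this advisory. The buffer size `RULE_BUF`, the function names and the sample host name are assumptions made for illustration. It contrasts a check that measures only the URI with one that measures both parts of the concatenated rule.

```c
#include <stdio.h>
#include <string.h>

#define RULE_BUF 64 /* assumed size for this sketch, not mod_jk's value */

/* Flawed pattern from the description: only the URI length is compared
 * with the buffer size. Returns 1 when the check would allow the write.
 * Nothing is written here, so the sketch itself stays memory-safe. */
static int flawed_check_allows(const char *vhost, const char *uri)
{
    (void)vhost; /* the virtual host name is never measured */
    return strlen(uri) < RULE_BUF;
}

/* Bytes the combined rule really needs, including the terminating NUL. */
static size_t rule_bytes_needed(const char *vhost, const char *uri)
{
    return strlen(vhost) + strlen(uri) + 1;
}

/* Corrected pattern: measure both parts before copying.
 * Returns 0 on success, -1 when the rule does not fit in dst. */
static int build_rule(char *dst, size_t dst_size,
                      const char *vhost, const char *uri)
{
    size_t vlen = strlen(vhost), ulen = strlen(uri);

    /* Subtraction form, so vlen + ulen cannot wrap around. */
    if (vlen >= dst_size || ulen >= dst_size - vlen)
        return -1;
    memcpy(dst, vhost, vlen);
    memcpy(dst + vlen, uri, ulen + 1); /* copies the NUL as well */
    return 0;
}

int main(void)
{
    /* Constructed sample input: 45-character host name, short URI. */
    const char *vhost = "a-long-virtual-host-name.internal.example.org";
    const char *uri = "/application/servlet/*";
    char rule[RULE_BUF];

    printf("needed=%zu buffer=%d\n", rule_bytes_needed(vhost, uri), RULE_BUF);
    printf("flawed check allows write: %d\n", flawed_check_allows(vhost, uri));
    printf("corrected build_rule: %d\n", build_rule(rule, sizeof rule, vhost, uri));
    return 0;
}
```

With the sample input the flawed check accepts a rule that needs more bytes than the buffer holds, while `build_rule` rejects it before any copy takes place.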
Affected packages
| Platform | Package | State | Advisory | Release date |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Application Platform 5 | mod_jk | Under investigation | | |
| Red Hat JBoss Enterprise Application Platform 6 | mod_jk | Affected | | |
| Red Hat JBoss Enterprise Web Server 1 | mod_jk | Under investigation | | |
| Red Hat JBoss Enterprise Web Server 2 | mod_jk | Affected | | |
| Red Hat JBoss Enterprise Web Server 3 | mod_jk | Affected | | |
| Red Hat JBoss Web Server 3 | mod_jk | Affected | | |
| JBoss Core Services on RHEL 6 | jbcs-httpd24-httpd | Fixed | RHSA-2017:0193 | 25.01.2017 |
| JBoss Core Services on RHEL 6 | jbcs-httpd24-mod_auth_kerb | Fixed | RHSA-2017:0193 | 25.01.2017 |
| JBoss Core Services on RHEL 6 | jbcs-httpd24-mod_bmx | Fixed | RHSA-2017:0193 | 25.01.2017 |
| JBoss Core Services on RHEL 6 | jbcs-httpd24-mod_cluster-native | Fixed | RHSA-2017:0193 | 25.01.2017 |
Additional information
Status: Important
Defect: CWE-120
https://bugzilla.redhat.com/show_bug.cgi?id=1382352
mod_jk: Buffer overflow when concatenating virtual host name and URI
EPSS: 0.34234 (Medium), percentile: 97%
CVSS3: 8.1 High
CVSS2: 6.8 Medium
Related vulnerabilities
CVSS3: 9.8
ubuntu
almost 9 years ago
Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42.
CVSS3: 9.8
nvd
almost 9 years ago
Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42.
CVSS3: 9.8
debian
almost 9 years ago
Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42.
CVSS3: 9.8
github
more than 3 years ago
Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42.