PT-2007-1473 · Apache · Apache Tomcat+1

Ruediger Pluem

Publicado

2007-04-25

Atualizado

2023-02-13

CVE-2006-7197

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Apache Tomcat version 5.5.15

Description The issue is related to the AJP connector in Apache Tomcat, which uses an incorrect length for chunks. This can cause a buffer over-read in the ajp process callback function in mod jk, allowing remote attackers to read portions of sensitive memory.

Recommendations For Apache Tomcat version 5.5.15, consider disabling the AJP connector as a temporary workaround until a patch is available. Restrict access to the mod jk module to minimize the risk of exploitation.

Correção

Buffer Over-read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-126

Identificadores relacionados

CVE-2006-7197

GHSA-JPQR-VH55-XQXF

RHSA-2008:0261

RHSA-2008:0524

Produtos afetados

Apache Tomcat

Mod Jk

PT-2007-1473 · Apache · Apache Tomcat+1

CVE-2006-7197

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 21