PT-2007-2222 · Apache · Apache Tomcat JK Web Server Connector

Published 2007-03-04 · Updated 2024-06-15 · CVE-2007-0774

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Apache Tomcat JK Web Server Connector (mod_jk) versions 1.2.19 and 1.2.20; Apache Tomcat 4.1.34 and 5.5.20, which bundle those connector versions.
Description
A stack-based buffer overflow in the map_uri_to_worker function (URI worker map routines, native/common/jk_uri_worker_map.c) of the mod_jk.so module. The function copies the request URI into a fixed-size stack buffer without checking its length, so a remote, unauthenticated attacker can send an over-long URL that overruns the buffer and execute arbitrary code in the front-end web server's worker process. Because the connector is a native module of the web server (for example Apache httpd), no Tomcat-side authentication or application code is involved in reaching the bug.
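The pattern behind the bug, as an added illustration and not the connector's own source: a simplified, hypothetical reconstruction of a URI-to-worker mapping routine that copies the request URI into a fixed-size stack buffer (the unsafe shape) next to the same routine with the length check that a fix of this kind adds. The worker table, the function names map_uri_to_worker_unsafe/map_uri_to_worker_safe and the constructed over-long URI are all assumptions made for the example; only the 4095-byte JK_MAX_URI_LEN limit is taken from mod_jk.

```c
#include <stdio.h>
#include <string.h>

/* mod_jk's limit for a URI it will map (jk_global.h); the mapping routine
 * keeps a stack buffer of this size plus a terminator. */
#define JK_MAX_URI_LEN 4095

/* Constructed sample worker map for the example: URI prefix -> AJP worker. */
static const struct {
    const char *prefix;
    const char *worker;
} uw_map[] = {
    { "/examples/", "ajp13" },
    { "/manager/",  "ajp13mgr" },
};

/* Longest-prefix match over the sample map; NULL when no rule applies. */
static const char *lookup_worker(const char *url)
{
    const char *best = NULL;
    size_t best_len = 0;
    size_t i;

    for (i = 0; i < sizeof uw_map / sizeof uw_map[0]; i++) {
        size_t plen = strlen(uw_map[i].prefix);
        if (plen > best_len && strncmp(url, uw_map[i].prefix, plen) == 0) {
            best = uw_map[i].worker;
            best_len = plen;
        }
    }
    return best;
}

/* Vulnerable shape (hypothetical reconstruction): the URI is copied into a
 * fixed-size stack buffer with strcpy, so a request line longer than
 * JK_MAX_URI_LEN overwrites the stack. It is shown for the pattern only and
 * must never be called with input that does not fit. */
static const char *map_uri_to_worker_unsafe(const char *uri)
{
    char url[JK_MAX_URI_LEN + 1];

    strcpy(url, uri);            /* no bound on the copy: the bug */
    return lookup_worker(url);
}

/* Hardened shape: measure first and refuse URIs that do not fit, so the
 * copy can never exceed the buffer. */
static const char *map_uri_to_worker_safe(const char *uri)
{
    char url[JK_MAX_URI_LEN + 1];
    size_t len = strlen(uri);

    if (len > JK_MAX_URI_LEN)
        return NULL;             /* reject: the caller answers with an error */
    memcpy(url, uri, len + 1);   /* bounded copy, including the NUL */
    return lookup_worker(url);
}

/* Builds a constructed URI ("/examples/" followed by 'A's) of total length n,
 * capped to the static buffer, to exercise the length check. */
static const char *constructed_long_uri(size_t n)
{
    static char buf[2 * JK_MAX_URI_LEN];
    const char *prefix = "/examples/";
    size_t plen = strlen(prefix);

    if (n >= sizeof buf)
        n = sizeof buf - 1;
    if (n < plen)
        n = plen;
    memcpy(buf, prefix, plen);
    memset(buf + plen, 'A', n - plen);
    buf[n] = '\0';
    return buf;
}

int main(void)
{
    const char *short_uri = "/examples/hello.jsp";
    const char *long_uri = constructed_long_uri(JK_MAX_URI_LEN + 500);

    printf("%s -> unsafe=%s safe=%s\n", short_uri,
           map_uri_to_worker_unsafe(short_uri),
           map_uri_to_worker_safe(short_uri));
    /* The unsafe routine is deliberately not called with long_uri. */
    printf("%zu-byte URI -> safe=%s\n", strlen(long_uri),
           map_uri_to_worker_safe(long_uri) ? "mapped" : "rejected");
    return 0;
}
```

The safe variant turns an over-long URI into a mapping failure that the web server can answer with an error response; the unsafe variant has no way to fail, which is why a single long request line reaches the return address on the stack.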
Recommendations
Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20: upgrade to mod_jk 1.2.21 or later, which adds the missing length check. Tomcat 4.1.34 and 5.5.20: the vulnerable code lives in the bundled connector, not in Tomcat itself, so replace the bundled mod_jk with 1.2.21 or later (or move to a Tomcat release that ships it). Check the version of the mod_jk module actually loaded by the web server rather than relying on the Tomcat version string, since Linux distributions and HP-UX ship their own builds (see the related advisories). As a temporary workaround, cap the request line length in the front-end web server so that over-long URLs never reach the connector: in Apache httpd this is LimitRequestLine, which must be set below the connector's 4095-byte URI limit, because the default of 8190 bytes does not prevent the overflow. The workaround only blocks the long-URL trigger; it is not a substitute for updating the module.


Related Identifiers

CVE-2007-0774
HPSBUX02262
OPENSUSE-SU-2024:10625-1
RHSA-2007:0096
RHSA-2007:0164

Affected Products

Apache Tomcat JK Web Server Connector
HP-UX
Apache Tomcat