PT-2007-1473 · Apache · Apache Tomcat+1
Ruediger Pluem
·
Published
2007-04-25
·
Updated
2023-02-13
·
CVE-2006-7197
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Apache Tomcat version 5.5.15
Description
The issue is related to the AJP connector in Apache Tomcat, which uses an incorrect length for chunks. This can cause a buffer over-read in the
ajp process callback function in mod jk, allowing remote attackers to read portions of sensitive memory.Recommendations
For Apache Tomcat version 5.5.15, consider disabling the AJP connector as a temporary workaround until a patch is available. Restrict access to the mod jk module to minimize the risk of exploitation.
Fix
Buffer Over-read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Tomcat
Mod Jk