FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-22 18:21:47 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
cf86c644-cb6c-11db-8e9d-000c6ec775d9    mod_jk -- long URL stack overflow vulnerability

TippingPoint and The Zero Day Initiative reports:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache Tomcat JK Web Server Connector. Authentication is not required to exploit this vulnerability.

The specific flaw exists in the URI handler for the mod_jk.so library, map_uri_to_worker(), defined in native/common/jk_uri_worker_map.c. When parsing a long URL request, the URI worker map routine performs an unsafe memory copy. This results in a stack overflow condition which can be leveraged to execute arbitrary code.


Discovery 2007-03-02
Entry 2007-03-05
Modified 2007-03-06
mod_jk-ap2
mod_jk
>= 1.2.19 < 1.2.21

CVE-2007-0774
http://tomcat.apache.org/security-jk.html
http://www.zerodayinitiative.com/advisories/ZDI-07-008.html
d9405748-1342-11dc-a35c-001485ab073e    mod_jk -- information disclosure

Kazu Nambo reports:

URL decoding in the Apache webserver prior to decoding in the Tomcat server could bypass access control rules and give access to pages on a different AJP by sending a crafted URL.


Discovery 2007-05-18
Entry 2007-06-05
Modified 2007-10-31
mod_jk
< 1.2.23,1

mod_jk-ap2
< 1.2.23

CVE-2007-1860
http://secunia.com/advisories/25383/
http://tomcat.apache.org/connectors-doc/news/20070301.html#20070518.1
http://tomcat.apache.org/security-jk.html