Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2007-6258
Last Modified: 07 Mar 2011 10:02:16
Published: 18 Feb 2008 07:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2007-6258

Summary

Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.

Vulnerable Systems

Application

  • Apache Software Foundation Mod Jk 2.0

  • Apache Software Foundation Mod Jk 2.0.1

  • Apache Software Foundation Mod Jk 2.0.2

  • Apache Software Foundation Mod Jk 2.0.3 Dev

  • F5 Big-ip 9.2.3.30


References

CERT-VN - VU#771937

BID - 27752

VUPEN - ADV-2008-0572

BUGTRAQ - 20080212 IOActive Security Advisory: Legacy mod_jk2 Buffer Overflow

MILW0RM - 5330

MISC - http://www.ioactive.com/vulnerabilities/mod_jk2LegacyBufferOverflowAdvisory.pdf

MISC - http://www.ioactive.com/pdfs/mod_jk2.pdf

MILW0RM - 5386

SREASON - 3661


Last Updated: 27 May 2016 10:46:26