Apache mod_jk2 Host Header Multiple Buffer Overflow Vulnerabilities

Last Update Date: 28 Jan 2011
Release Date: 18 Feb 2008

RISK: Medium Risk

Multiple vulnerabilities have been identified in mod_jk2 for Apache. They are caused by buffer overflow errors when processing requests containing a malformed or overly long "Host" header. A remote attacker could exploit them with a specially crafted request to crash an affected web server (denial of service) or to execute arbitrary code and compromise it.
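
As an added illustration of the class of check that prevents an overflow on an overly long or malformed "Host" header (this is not mod_jk2 code and not part of the original advisory), the C function below validates the header value before copying it into a fixed-size buffer. The function name and the 255-byte limit (the DNS name limit from RFC 1035) are assumptions made for the example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define HOST_MAX 255 /* assumption: RFC 1035 name limit, not a mod_jk2 constant */

/* Validate a Host header value and copy it into out (capacity outsz).
 * Accepts "name", "name:port" and "[ipv6]:port".
 * Returns 0 on success, -1 if the value is empty, too long or malformed. */
int copy_host_header(const char *value, char *out, size_t outsz)
{
    size_t len, i, host_end;

    if (value == NULL || out == NULL || outsz == 0)
        return -1;
    /* Measure the input, but never scan past the limit. */
    for (len = 0; len <= HOST_MAX && value[len] != '\0'; len++)
        ;
    if (len == 0 || len > HOST_MAX || len >= outsz)
        return -1;                  /* length is checked before any copy */

    if (value[0] == '[') {          /* bracketed IPv6 literal */
        for (i = 1; i < len && value[i] != ']'; i++)
            if (!isxdigit((unsigned char)value[i]) &&
                value[i] != ':' && value[i] != '.')
                return -1;
        if (i == len || i == 1)
            return -1;              /* missing ']' or empty literal */
        host_end = i + 1;
    } else {                        /* DNS name or IPv4 address */
        for (i = 0; i < len && value[i] != ':'; i++)
            if (!isalnum((unsigned char)value[i]) &&
                value[i] != '-' && value[i] != '.')
                return -1;
        if (i == 0)
            return -1;              /* empty host part */
        host_end = i;
    }
    if (host_end < len) {           /* optional ":port", 1 to 5 digits */
        if (value[host_end] != ':' || host_end + 1 == len ||
            len - host_end - 1 > 5)
            return -1;
        for (i = host_end + 1; i < len; i++)
            if (!isdigit((unsigned char)value[i]))
                return -1;
    }
    memcpy(out, value, len);        /* len < outsz, so the terminator fits */
    out[len] = '\0';
    return 0;
}
```
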


Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • mod_jk2 versions prior to 2.0.4


Solutions

Before installing the software, please visit the software manufacturer's website for more details.

Upgrade to mod_jk2 version 2.0.4 or later:
http://tomcat.apache.org/download-connectors.cgi


Vulnerability Identifier


Source


Related Link