Skip to main content

Cisco Wireless Control System Apache Tomcat JK Web Server Connector Buffer Overflow Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 1 Feb 2008 2588 Views

RISK: Medium Risk

A vulnerability has been identified in Cisco Wireless Control System (WCS), which could be exploited by remote attackers to cause a denial of service or execute arbitrary code. This issue is due to a buffer overflow error in the mod_jk library when processing overly long URLs via the "map_uri_to_worker()" [native/common/jk_uri_worker_map.c] method, which could be exploited by remote attackers to execute arbitrary commands by sending a specially crafted request to an affected server.


Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • Cisco Wireless Control System versions 3.x
  • Cisco Wireless Control System versions 4.0.x prior to 4.0.100.0
  • Cisco Wireless Control System versions 4.1.x and 4.2.x prior to version 4.2.62.0.

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Update to the latest versions.


Vulnerability Identifier


Source


Related Link