Cisco Wireless Control System Apache Tomcat JK Web Server Connector Buffer Overflow Vulnerability
A vulnerability has been identified in Cisco Wireless Control System (WCS) that remote attackers could exploit to cause a denial of service or execute arbitrary code. The issue is a buffer overflow in the mod_jk library when it processes overly long URLs in the "map_uri_to_worker()" function [native/common/jk_uri_worker_map.c]; a remote attacker could exploit it to execute arbitrary commands by sending a specially crafted request to an affected server.
- Denial of Service
- Remote Code Execution
System / Technologies affected
- Cisco Wireless Control System versions 3.x
- Cisco Wireless Control System versions 4.0.x prior to 18.104.22.168
- Cisco Wireless Control System versions 4.1.x and 4.2.x prior to version 22.214.171.124.
Before installing the software, please visit the software manufacturer's website for more details.
Update to the latest versions.
- Cisco Wireless Control System (WCS) for Linux and Windows 4.0.x and earlier:
Update to version 126.96.36.199.
- Cisco Wireless Control System (WCS) for Linux and Windows 188.8.131.52 and earlier:
Update to version 184.108.40.206.
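The class of bug described above (a URL copied into a fixed-size buffer without a length check) is shown next to a bounds-checked form in this added example, which is not mod_jk or Cisco code. The function names, the status codes and the 64-byte buffer size are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define URI_BUF_LEN 64  /* assumed size for this demo, not mod_jk's real limit */

enum uri_status { URI_OK = 0, URI_TOO_LONG = -1, URI_BAD_ARG = -2 };

/* Unsafe pattern: copies the path part of the URL into a fixed buffer with
 * no length check, so an overly long URL writes past the end of `out`. */
void copy_path_unsafe(const char *uri, char *out)
{
    size_t i = 0;
    while (uri[i] != '\0' && uri[i] != '?') {
        out[i] = uri[i];            /* nothing bounds i */
        i++;
    }
    out[i] = '\0';
}

/* Hardened form: measure first, reject anything that does not fit
 * (terminating NUL included), and only then copy. */
enum uri_status copy_path_checked(const char *uri, char *out, size_t out_len)
{
    size_t path_len;
    if (uri == NULL || out == NULL || out_len == 0)
        return URI_BAD_ARG;
    path_len = strcspn(uri, "?");   /* length up to the query string */
    if (path_len >= out_len) {
        out[0] = '\0';              /* leave no partial or stale data */
        return URI_TOO_LONG;        /* caller can answer HTTP 414 */
    }
    memcpy(out, uri, path_len);
    out[path_len] = '\0';
    return URI_OK;
}

int main(void)
{
    char buf[URI_BUF_LEN];
    char long_uri[4 * URI_BUF_LEN];
    memset(long_uri, 'A', sizeof long_uri - 1);   /* constructed over-long URL */
    long_uri[0] = '/';
    long_uri[sizeof long_uri - 1] = '\0';
    printf("short: %d\n", copy_path_checked("/app/index.jsp?x=1", buf, sizeof buf));
    printf("long:  %d\n", copy_path_checked(long_uri, buf, sizeof buf));
    return 0;
}
```

Rejecting over-long request URLs at a front-end proxy or in the web server configuration gives the same protection in depth while the update is being scheduled.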