CVE Vulnerability

CVE-2007-6258

Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://www.ioactive.com/vulnerabilities/mod_jk2LegacyBufferOverflowAdvisory.pdf Broken Link
http://www.kb.cert.org/vuls/id/771937 Patch Third Party Advisory
http://www.securityfocus.com/bid/27752 Patch Third Party Advisory
http://securityreason.com/securityalert/3661 Broken Link
http://www.ioactive.com/pdfs/mod_jk2.pdf Third Party Advisory
http://www.vupen.com/english/advisories/2008/0572 URL Repurposed
https://www.exploit-db.com/exploits/5386 Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/5330 Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/487983/100/100/threaded Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:apache:mod_jk:2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:mod_jk:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:mod_jk:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:mod_jk:2.0.3_dev:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip:9.2.3.30:*:*:*:*:*:*:*
Information

Published : 2008-02-19 12:00

Updated : 2022-02-03 07:43

NVD link : CVE-2007-6258

Mitre link : CVE-2007-6258

Products Affected

Big-ip

F5

CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer