Apache Tomcat JK ISAPI Connector 1.2.41 Buffer Overflow

2016.10.12

Credit: Mark Thomas

Risk: High

Local: No

Remote: Yes

CVE: CVE-2016-6808

CWE: CWE-119

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
- Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.41
Description
The IIS/ISAPI specific code implements special handling when a virtual
host is present. The virtual host name and the URI are concatenated to
create a virtual host mapping rule. The length checks prior to writing
to the target buffer for this rule did not take account of the length of
the virtual host name, creating the potential for a buffer overflow.
It is not known if this overflow is exploitable.
Mitigation
Users of affected versions should apply one of the following mitigations
- Upgrade to Apache Tomcat JK ISAPI Connector 1.2.42
- Where available, use IIS configuration to restrict the maximum URI
length to 4095 - (the length of the longest virtual host name)
Credit:
This issue was discovered by The Apache Tomcat Security Team.
References:
[1] http://tomcat.apache.org/security-jk.html

References:

http://tomcat.apache.org/security-jk.html

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Apache Tomcat JK ISAPI Connector 1.2.41 Buffer Overflow

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.