CVE-2007-0774: overflow in URI handler
Bug #90967 reported by Kees Cook

Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
tomcat5.5 (Ubuntu) | Invalid | Undecided | Unassigned |
Bug Description
Binary package hint: tomcat5.5
Only feisty is vulnerable (tomcat5.5 5.5.20), according to:
http://
"CVE-2007-0774 : A denial of service and critical remote code execution vulnerability. Caused by buffer overflow in map_uri_to_worker() when URLs were longer than 4095 bytes. Reported by ZDI (www.zerodayint
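The quoted advisory ties the overflow to URLs longer than 4095 bytes. As an added illustration (not mod_jk source and not part of the original report), the C helper below shows the length check that class of bug lacks: a URI is copied into a fixed buffer only if it fits, and is rejected otherwise. The names `copy_uri_checked`, `demo_uri_of_length` and `URI_BUF_SIZE`, and the 4096-byte buffer size, are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define URI_BUF_SIZE 4096   /* assumed: room for 4095 URI bytes plus the NUL */

enum { URI_OK = 0, URI_TOO_LONG = -1, URI_BAD_ARG = -2 };

/* Hypothetical helper, not mod_jk code: copy a request URI into a fixed
 * buffer and refuse anything that does not fit, terminator included. */
static int copy_uri_checked(char *dst, size_t dst_size, const char *uri)
{
    if (dst == NULL || uri == NULL || dst_size == 0)
        return URI_BAD_ARG;
    /* Bounded scan: never examines more than dst_size bytes of input. */
    const char *nul = memchr(uri, '\0', dst_size);
    if (nul == NULL) {
        dst[0] = '\0';              /* leave the buffer in a defined state */
        return URI_TOO_LONG;
    }
    memcpy(dst, uri, (size_t)(nul - uri) + 1);
    return URI_OK;
}

/* Constructed sample input: a URI of exactly n bytes ("/aaa..."). */
static int demo_uri_of_length(size_t n)
{
    static char src[URI_BUF_SIZE + 64];
    char dst[URI_BUF_SIZE];
    if (n == 0 || n >= sizeof src)
        return URI_BAD_ARG;
    memset(src, 'a', n);
    src[0] = '/';
    src[n] = '\0';
    int rc = copy_uri_checked(dst, sizeof dst, src);
    if (rc == URI_OK && strlen(dst) != n)
        return -3;                  /* copy did not round-trip */
    return rc;
}

int main(void)
{
    printf("4095 bytes: %d\n", demo_uri_of_length(4095));
    printf("4096 bytes: %d\n", demo_uri_of_length(4096));
    return 0;
}
```

A caller that gets `URI_TOO_LONG` should fail the request (for example with an HTTP 414 response) rather than truncate and continue.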
Thanks for reporting this bug. The connectors are not built from the tomcat5.5 package in Ubuntu. They are built from a separate source package, libapache-mod-jk. No Ubuntu distribution contains version 1.2.19 or 1.2.20 of the connectors. Feisty ships 1.2.18. Gutsy will ship at least 1.2.23. Closing this bug as invalid.