Buffer overflow in Apache Tomcat JK ISAPI Connector - CVE-2016-6808
Published: October 6, 2016 / Updated: March 21, 2018
Vulnerability identifier: #VU790
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-6808
CWE-ID: CWE-120
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Apache Foundation
Affected software:
Apache Tomcat JK ISAPI Connector
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness exists due to insufficient input validation. By sending a specially crafted URI to the virtual host, attackers can trigger a buffer overflow in the JK ISAPI connector and execute arbitrary code.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
How to mitigate CVE-2016-6808
Update to version 1.2.42.