#VU799 Arbitrary code execution in Apache Tomcat JK ISAPI Connector - CVE-2007-0774
Published: October 7, 2016 / Updated: September 14, 2018
Vulnerability identifier: #VU799
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2007-0774
CWE-ID: CWE-121
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
Apache Tomcat JK ISAPI Connector
Apache Tomcat JK ISAPI Connector
Software vendor:
Apache Foundation
Apache Foundation
Description
The vulnerability allows a remote unauthenticated user to cause arbitrary code execution or DoS conditions on the target system.
The weakness is due to stack overflow that may occur because of unsafe memory copy in the URI handler for the native JK connector and allows attackers to execute arbitrary code or trigger the web server crash.
Successful exploitation of the vulnerablity may result in erbitrary code execution or
The weakness is due to stack overflow that may occur because of unsafe memory copy in the URI handler for the native JK connector and allows attackers to execute arbitrary code or trigger the web server crash.
Successful exploitation of the vulnerablity may result in erbitrary code execution or
Remediation
Update to version 1.2.21.