Arbitrary code execution in Apache Tomcat JK ISAPI Connector - CVE-2007-0774
Published: October 7, 2016 / Updated: September 14, 2018
Vulnerability identifier: #VU799
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2007-0774
CWE-ID: CWE-121
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: Apache Foundation
Affected software:
Apache Tomcat JK ISAPI Connector
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to execute arbitrary code or cause a denial of service (DoS) on the target system.
The weakness is a stack-based buffer overflow caused by an unsafe memory copy in the URI handler of the native JK connector. It allows attackers to execute arbitrary code or crash the web server.
Successful exploitation of the vulnerability may result in arbitrary code execution or
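The unchecked-copy pattern behind this class of bug (CWE-121), shown beside a bounded version that rejects over-long URIs. This is an added illustration, not code from the JK connector; the buffer size, function names and status codes are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define URI_BUF_LEN 64  /* assumed size of the handler's fixed stack buffer */

/* Unsafe pattern: the URI length is never checked, so a URI of URI_BUF_LEN
 * bytes or more writes past a stack buffer of that size. */
void copy_uri_unsafe(char *dst, const char *uri)
{
    strcpy(dst, uri);
}

/* Hardened form: measure the input against the destination size first and
 * reject over-long URIs instead of truncating. Returns 0 on success, -1 otherwise. */
int copy_uri_checked(char *dst, size_t dst_len, const char *uri)
{
    size_t n = 0;
    if (dst == NULL || dst_len == 0 || uri == NULL)
        return -1;
    while (n < dst_len && uri[n] != '\0')   /* never scan past dst_len bytes */
        n++;
    if (n == dst_len) {                     /* no room left for the terminator */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, uri, n);
    dst[n] = '\0';
    return 0;
}

/* Hypothetical handler: returns an HTTP status for the request URI. */
int handle_request_uri(const char *uri)
{
    char buf[URI_BUF_LEN];
    if (copy_uri_checked(buf, sizeof buf, uri) != 0)
        return 414;                         /* URI Too Long */
    return 200;                             /* buf would go on to URI mapping */
}

int main(void)
{
    char long_uri[4 * URI_BUF_LEN];         /* constructed over-long input */
    memset(long_uri, 'A', sizeof long_uri - 1);
    long_uri[0] = '/';
    long_uri[sizeof long_uri - 1] = '\0';
    printf("%d %d\n", handle_request_uri("/examples/index.jsp"),
           handle_request_uri(long_uri));
    return 0;
}
```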
How to mitigate CVE-2007-0774
Update to version 1.2.21.