Information disclosure in Apache Tomcat JK ISAPI Connector - CVE-2006-7197
Published: October 7, 2016
Vulnerability identifier: #VU800
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2006-7197
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Apache Foundation
Affected software:
Apache Tomcat JK ISAPI Connector
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to obtain potentially sensitive information on the target system.
The weakness is caused by overly long chunks delivered in send_body_chunks AJP messages. An excessive chunk length causes mod_jk to read beyond buffer boundaries, which discloses sensitive information to the attacker.
Successful exploitation gives a malicious user access to important data on the vulnerable system.
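The bounds check that prevents this kind of over-read, as an added example (not code from mod_jk or from this advisory): a parser that rejects a Send Body Chunk whose declared length exceeds the bytes actually received. The function name, the sample messages, and the assumption that `msg` holds the payload following the 4-byte AJP13 packet header are illustrative.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AJP13_SEND_BODY_CHUNK 0x03   /* AJP13 prefix code: Send Body Chunk */
#define CHUNK_HDR_LEN 3              /* prefix code + 2-byte big-endian length */

/* Hypothetical helper: validate a Send Body Chunk payload.
 * msg/msg_len describe the bytes actually received for this message.
 * On success *chunk points into msg and *chunk_len is the validated length.
 * Returns 0 on success, -1 if the message is malformed. */
int parse_send_body_chunk(const uint8_t *msg, size_t msg_len,
                          const uint8_t **chunk, size_t *chunk_len)
{
    if (msg == NULL || chunk == NULL || chunk_len == NULL)
        return -1;
    if (msg_len < CHUNK_HDR_LEN || msg[0] != AJP13_SEND_BODY_CHUNK)
        return -1;

    size_t declared = ((size_t)msg[1] << 8) | (size_t)msg[2];

    /* The declared length is untrusted: it must fit inside what was received.
     * Trusting it without this comparison is what allows a read past the buffer. */
    if (declared > msg_len - CHUNK_HDR_LEN)
        return -1;

    *chunk = msg + CHUNK_HDR_LEN;
    *chunk_len = declared;
    return 0;
}

/* Constructed sample messages (not captured traffic). */
static const uint8_t sample_ok[] = { 0x03, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
/* Declares 0x2000 (8192) bytes but carries only 2. */
static const uint8_t sample_oversized[] = { 0x03, 0x20, 0x00, 'h', 'i' };

int main(void)
{
    const uint8_t *c = NULL;
    size_t n = 0;
    int rc = parse_send_body_chunk(sample_ok, sizeof sample_ok, &c, &n);
    printf("well-formed: rc=%d len=%zu\n", rc, n);
    rc = parse_send_body_chunk(sample_oversized, sizeof sample_oversized, &c, &n);
    printf("oversized:   rc=%d\n", rc);
    return 0;
}
```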