In association with heise online


Buffer overflow in Tomcat Java web server

The Apache Foundation has fixed a critical vulnerability in the latest version of its Tomcat server, its implementation of Java servlets and JavaServer Pages. An attacker could use the vulnerability to gain control of the server.

The vulnerability is located in the Tomcat JK Web Server Connector, in the URI handler of the mod_jk.so library: the map_uri_to_worker function of the jk_uri_worker_map.c module. A buffer overflow occurs when reading over-long URLs (more than 4095 bytes), which could be exploited to write code to the stack and launch it in the server context. Prior authentication is not necessary in order to exploit the bug.

According to the Zero Day Initiative, Tomcat JK Web Server Connector versions 1.2.19 and 1.2.20, as included in Tomcat 4.1.34 and 5.5.20, are affected. The bug in the Connector is fixed in JK Connector version 1.2.21. This version also fixes a number of other, non-security-related bugs.
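The defect described above is the classic fixed-size stack buffer that receives an attacker-controlled string with no length check. The following C program is an added illustration, not code from mod_jk or the Apache project: it assumes a hypothetical 4096-byte on-stack URI buffer (which matches the article's "more than 4095 bytes" threshold, since one byte is needed for the terminating NUL) and shows the bounded copy a connector should perform instead, returning an explicit status so an over-long request is rejected rather than copied past the end of the buffer. The function names, the buffer size and the constructed test URIs are all assumptions for the example.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Assumed buffer size (not taken from the connector's source): a 4096-byte
   stack buffer holds a 4095-byte URI plus its NUL, consistent with the
   article's "more than 4095 bytes" overflow threshold. */
#define URI_BUF_SIZE 4096

enum uri_copy_status { URI_OK = 0, URI_TOO_LONG = -1, URI_BAD_ARG = -2 };

/* Length of s, but never scanning more than max bytes. Avoids walking a
   multi-megabyte URI just to discover it is too long. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* The vulnerable pattern, in prose: a strcpy-style loop copies the request
 * URI into a fixed stack buffer until it sees a NUL, so a URI longer than
 * the buffer writes over whatever sits above it on the stack.
 *
 * Hardened form: measure with a bound, refuse anything that does not fit
 * together with its NUL, and only then copy. The caller gets an explicit
 * status instead of silent truncation or silent memory corruption. */
static enum uri_copy_status
copy_uri_bounded(char *dst, size_t dst_size, const char *uri)
{
    size_t len;

    if (dst == NULL || uri == NULL || dst_size == 0)
        return URI_BAD_ARG;

    len = bounded_len(uri, dst_size);
    if (len >= dst_size)          /* no room left for the NUL: reject */
        return URI_TOO_LONG;

    memcpy(dst, uri, len + 1);    /* len < dst_size, so this stays in bounds */
    return URI_OK;
}

/* Simulates the connector's URI handling with a stack buffer of the assumed
   size. Returns 1 if the request would be accepted, 0 if rejected. */
int map_uri_simulated(const char *uri)
{
    char buf[URI_BUF_SIZE];
    return copy_uri_bounded(buf, sizeof buf, uri) == URI_OK;
}

/* Builds a constructed URI of exactly n bytes ("/" followed by 'a's) so the
   boundary can be exercised without a real HTTP request. Caller frees. */
char *make_uri(size_t n)
{
    char *u = malloc(n + 1);
    if (u == NULL)
        return NULL;
    memset(u, 'a', n);
    if (n > 0)
        u[0] = '/';
    u[n] = '\0';
    return u;
}

/* Returns 1 if a URI of n bytes is accepted, 0 if rejected, -1 on OOM. */
int accepts_uri_of_length(size_t n)
{
    char *u = make_uri(n);
    int ok;
    if (u == NULL)
        return -1;
    ok = map_uri_simulated(u);
    free(u);
    return ok;
}

int main(void)
{
    printf("4095 bytes: %s\n", accepts_uri_of_length(4095) ? "accepted" : "rejected");
    printf("4096 bytes: %s\n", accepts_uri_of_length(4096) ? "accepted" : "rejected");
    printf("9000 bytes: %s\n", accepts_uri_of_length(9000) ? "accepted" : "rejected");
    return 0;
}
```

The boundary cases are the ones worth checking in a regression test: a 4095-byte URI still fits, 4096 bytes does not, and the check costs at most one pass over the first 4096 bytes regardless of how long the request actually is. The same pattern applies to any fixed buffer fed from request data; the status return also gives the server a natural place to log and reject the request as an operational signal.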

(ehe)
