7.5

CVE-2007-6258

Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheMod Jk Version2.0
ApacheMod Jk Version2.0.1
ApacheMod Jk Version2.0.2
ApacheMod Jk Version2.0.3_dev
F5Big-ip Version9.2.3.30
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 40.85% 0.985
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://securityreason.com/securityalert/3661
Broken Link
http://www.ioactive.com/pdfs/mod_jk2.pdf
Third Party Advisory
http://www.ioactive.com/vulnerabilities/mod_jk2LegacyBufferOverflowAdvisory.pdf
Broken Link
http://www.kb.cert.org/vuls/id/771937
Patch
Third Party Advisory
US Government Resource
http://www.securityfocus.com/archive/1/487983/100/100/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/27752
Patch
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2008/0572
URL Repurposed
https://www.exploit-db.com/exploits/5330
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/5386
Third Party Advisory
VDB Entry