Executive Summary

Title Apache mod_jk2 host header buffer overflow
Name VU#771937 First vendor Publication 2008-02-14
Vendor VU-CERT Last vendor Modification 2008-02-20
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Vulnerability Note VU#771937

Apache mod_jk2 host header buffer overflow


A vulnerability exists in the legacy version of the mod_jk2 Apache module. If successfully exploited, an attacker may be able to run arbitrary code on affected system.

I. Description

The host header field allows HTTP 1.1 (RFC 2616) compliant servers to host multiple domains using a single IP address.

Per the IOActive Security Advisory Multiple Buffer Overflows in legacy mod_jk2 apache module 2.0.3-DEV and earlier:

    mod_jk2 versions less than 2.0.4 are vulnerable to multiple stack overflow vulnerabilities. Specifically, IOActive has discovered multiple
    locations where these vulnerabilities are exploitable via the Host request header in any given request. These overflows all result in remote
    code execution under the user of the running apache process. Although a legacy module which is end of life, certain vendors may use this
    module in their products rendering them vulnerable to remote exploitation.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code.

III. Solution


mod_jk2 2.0.4 addresses this issue.

Systems Affected

VendorStatusDate Updated
Apache HTTP Server ProjectVulnerable14-Feb-2008
F5 Networks, Inc.Vulnerable18-Feb-2008




Thanks to IOActive for information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

Date Public02/13/2008
Date First Published02/14/2008 08:19:59 AM
Date Last Updated02/20/2008
CERT Advisory 
CVE NameCVE-2007-6258
US-CERT Technical Alerts 
Document Revision10

Original Source

Url : http://www.kb.cert.org/vuls/id/771937

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Application 4
Application 1

Open Source Vulnerability Database (OSVDB)

Id Description
43189 Apache mod_jk2 Host Header Multiple Fields Remote Overflow

Nessus® Vulnerability Scanner

Date Description
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL7886.nasl - Type : ACT_GATHER_INFO
2008-04-04 Name : The remote host is affected by multiple buffer overflow vulnerabilities.
File : mod_jk2_buffer_overflow_vulnerabilities.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
Date Informations
2014-10-11 13:26:27
  • Multiple Updates