7.5 - VU#771937

Executive Summary

Summary
Title	Apache mod_jk2 host header buffer overflow

Informations
Name	VU#771937	First vendor Publication	2008-02-14
Vendor	VU-CERT	Last vendor Modification	2008-02-20
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#771937

Apache mod_jk2 host header buffer overflow

Overview

A vulnerability exists in the legacy version of the mod_jk2 Apache module. If successfully exploited, an attacker may be able to run arbitrary code on affected system.

I. Description

The host header field allows HTTP 1.1 (RFC 2616) compliant servers to host multiple domains using a single IP address.

Per the IOActive Security Advisory Multiple Buffer Overflows in legacy mod_jk2 apache module 2.0.3-DEV and earlier:

mod_jk2 versions less than 2.0.4 are vulnerable to multiple stack overflow vulnerabilities. Specifically, IOActive has discovered multiple
locations where these vulnerabilities are exploitable via the Host request header in any given request. These overflows all result in remote
code execution under the user of the running apache process. Although a legacy module which is end of life, certain vendors may use this
module in their products rendering them vulnerable to remote exploitation.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code.

III. Solution

Upgrade

mod_jk2 2.0.4 addresses this issue.

Systems Affected

Vendor	Status	Date Updated
Apache HTTP Server Project	Vulnerable	14-Feb-2008
F5 Networks, Inc.	Vulnerable	18-Feb-2008

References

http://www.ioactive.com/vulnerabilities/mod_jk2LegacyBufferOverflowAdvisory.pdf
http://today.java.net/pub/n/mod_jk22.0.4
http://www.w3.org/Protocols/rfc2616/rfc2616.html
http://www.jmarshall.com/easy/http/#http1.1c1

Credit

Thanks to IOActive for information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

Date Public	02/13/2008
Date First Published	02/14/2008 08:19:59 AM
Date Last Updated	02/20/2008
CERT Advisory
CVE Name	CVE-2007-6258
US-CERT Technical Alerts
Metric	4.80
Document Revision	10

Original Source

Url : http://www.kb.cert.org/vuls/id/771937

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apache Mod Jk cpe:2.3:a:apache:mod_jk:2.0.3_dev:::::::* cpe:2.3:a:apache:mod_jk:2.0.2:::::::* cpe:2.3:a:apache:mod_jk:2.0.1:::::::* cpe:2.3:a:apache:mod_jk:2.0:::::::*	4
Application	f5 Big-Ip cpe:2.3:a:f5:big-ip:9.2.3.30:::::::*	1

Open Source Vulnerability Database (OSVDB)

Id	Description
43189	Apache mod_jk2 Host Header Multiple Fields Remote Overflow

Nessus® Vulnerability Scanner

Date	Description
2014-10-10	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL7886.nasl - Type : ACT_GATHER_INFO
2008-04-04	Name : The remote host is affected by multiple buffer overflow vulnerabilities. File : mod_jk2_buffer_overflow_vulnerabilities.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-10-11 13:26:27	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	5
osvdb(s)	1
Nessus® Exploit(s)	2

	Related
7.5	CVE-2007-6258
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)