| Revision Date: | 2015-04-20 | Version: | 25 | | Title: | HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS) | | Description: | Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine. | | Family: | unix | Class: | vulnerability | | Status: | ACCEPTED | Reference(s): | CVE-2007-0774
| | Platform(s): | HP-UX 11
| Product(s): | | | Definition Synopsis | | Criteria meets HP Security Bulletin HPSBUX02262 platforms
HP-UX B.11.23
OR HP-UX B.11.31
OR HP-UX B.11.11
AND hpuxwsAPACHE version is less than B.2.0.59.00
OR Criteria meets HP Security Bulletin HPSBUX02262
HP-UX B.11.11
AND hpuxwsAPACHE version is less than A.2.0.59.00
|
|