Vulnerability Name:

CVE-2007-0774 (CCN-32794)

Assigned: 2007-03-02
Published: 2007-03-02
Updated: 2023-02-13
Summary:
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Changed
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): High
  Availability (A): High
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.2 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): Complete
  Availability (A): Complete
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2007-0774

Source: CCN
Type: HP Security Bulletin HPSBUX02262 SSRT071447
HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: RHSA-2007-0096
Critical: mod_jk security update

Source: CCN
Type: RHSA-2007-0164
Critical: mod_jk security update

Source: CCN
Type: SA24398
Apache Tomcat JK Web Server Connector Long URL Buffer Overflow

Source: CCN
Type: SA28711
Cisco Wireless Control System Apache Tomcat JK Web Server Connector Buffer Overflow

Source: CCN
Type: SECTRACK ID: 1017719
Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: ASA-2007-094
mod_jk security update (RHSA-2007-0096)

Source: CCN
Type: ASA-2007-416
HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS) (HPSBUX02262)

Source: CCN
Type: The Apache Tomcat Connect Changelog
Changes between 1.2.20 and 1.2.21

Source: secalert@redhat.com
Type: Patch
secalert@redhat.com

Source: CCN
Type: Apache Tomcat Web site
Tomcat Connectors (mod_jk) Downloads

Source: CCN
Type: cisco-sa-20080130-wcs
Cisco Security Advisory: Cisco Wireless Control System Tomcat mod_jk.so Vulnerability

Source: CCN
Type: GLSA-200703-16
Apache JK Tomcat Connector: Remote execution of arbitrary code

Source: CCN
Type: BID-22791
Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
tomcat-mapuritoworker-bo(32794)

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database [03-02-2007]
Apache mod_jk 1.2.20 Buffer Overflow

Source: CCN
Type: ZDI-07-008
Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability

Vulnerable Configuration:
Configuration CCN 1:
  • cpe:/a:apache:tomcat_jk_web_server_connector:1.2.19:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat_jk_web_server_connector:1.2.20:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:4.1.34:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:5.5.20:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:-:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.11:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_application_server:2:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:7729 | P | p7zip-16.02-150200.14.9.2 on GA media (Moderate) | 2023-06-12
    oval:org.opensuse.security:def:7751 | P | pesign-0.112-150000.4.15.1 on GA media (Moderate) | 2023-06-12
    oval:org.opensuse.security:def:20070774 | V | CVE-2007-0774 | 2022-06-30
    oval:org.opensuse.security:def:42271 | P | Security update for firewalld, golang-github-prometheus-prometheus (Important) | 2022-04-27
    oval:org.opensuse.security:def:111955 | P | apache2-mod_jk-1.2.48-2.9 on GA media (Moderate) | 2022-01-17
    oval:org.opensuse.security:def:33046 | P | Security update for postgresql10 (Important) | 2021-11-22
    oval:org.opensuse.security:def:32215 | P | Security update for qemu (Important) | 2021-11-10
    oval:org.opensuse.security:def:31698 | P | Security update for transfig (Important) | 2021-10-29
    oval:org.opensuse.security:def:105519 | P | apache2-mod_jk-1.2.48-2.9 on GA media (Moderate) | 2021-10-01
    oval:org.opensuse.security:def:26132 | P | Security update for MozillaFirefox (Important) | 2021-09-22
    oval:org.opensuse.security:def:33007 | P | Security update for curl (Moderate) | 2021-09-21
    oval:org.opensuse.security:def:32159 | P | Security update for webkit2gtk3 (Important) | 2021-08-03
    oval:org.opensuse.security:def:32151 | P | Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important) | 2021-07-27
    oval:org.opensuse.security:def:26093 | P | Security update for dbus-1 (Important) | 2021-07-21
    oval:org.opensuse.security:def:6927 | P | Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP1) (Important) | 2021-07-15
    oval:org.opensuse.security:def:6908 | P | Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP1) (Important) | 2021-06-18
    oval:org.opensuse.security:def:36083 | P | apache2-mod_jk-1.2.40-0.2.1 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:42490 | P | apache2-mod_jk-1.2.40-0.2.1 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:13261 | P | apache2-mod_jk-1.2.40-1.17 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:36517 | P | mercurial-2.3.2-0.9.2 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:46381 | P | apache2-mod_jk-1.2.40-1.17 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:36559 | P | rubygem-activesupport-3_2-3.2.12-0.9.1 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:32107 | P | Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important) | 2021-06-04
    oval:org.opensuse.security:def:35252 | P | Security update for polkit (Important) | 2021-06-03
    oval:org.opensuse.security:def:26058 | P | Security update for postgresql10 (Moderate) | 2021-05-27
    oval:org.opensuse.security:def:7091 | P | Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP2) (Important) | 2021-05-25
    oval:org.opensuse.security:def:42075 | P | Security update for fribidi (Important) | 2021-05-19
    oval:org.opensuse.security:def:6893 | P | Security update for the Linux Kernel (Important) | 2021-05-18
    oval:org.opensuse.security:def:26044 | P | Security update for avahi (Moderate) | 2021-05-04
    oval:org.opensuse.security:def:32085 | P | Security update for tomcat (Important) | 2021-04-29
    oval:org.opensuse.security:def:7078 | P | Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP2) (Important) | 2021-04-28
    oval:org.opensuse.security:def:31148 | P | Security update for fwupdate (Important) | 2021-04-08
    oval:org.opensuse.security:def:7060 | P | Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP2) (Important) | 2021-04-07
    oval:org.opensuse.security:def:7069 | P | Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP2) (Important) | 2021-04-07
    oval:org.opensuse.security:def:31746 | P | Security update for wavpack (Important) | 2021-03-24
    oval:org.opensuse.security:def:7027 | P | Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP1) (Important) | 2021-03-17
    oval:org.opensuse.security:def:26209 | P | Security update for apache2 (Moderate) | 2021-03-12
    oval:org.opensuse.security:def:31354 | P | Security update for wpa_supplicant (Important) | 2021-03-09
    oval:org.opensuse.security:def:32264 | P | Security update for perl-XML-Twig (Moderate) | 2021-03-01
    oval:org.opensuse.security:def:31343 | P | Security update for bind (Important) | 2021-02-18
    oval:org.opensuse.security:def:31332 | P | Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important) | 2021-02-10
    oval:org.opensuse.security:def:31331 | P | Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important) | 2021-02-10
    oval:org.opensuse.security:def:26190 | P | Security update for MozillaFirefox (Low) | 2021-02-10
    oval:org.opensuse.security:def:7002 | P | Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP1) (Important) | 2021-02-10
    oval:org.opensuse.security:def:26146 | P | Security update for python3 (Important) | 2021-02-08
    oval:org.opensuse.security:def:31222 | P | Security update for MozillaFirefox (Important) | 2021-01-29
    oval:org.opensuse.security:def:31641 | P | Security update for ImageMagick (Important) | 2021-01-22
    oval:org.opensuse.security:def:31635 | P | Security update for java-1_7_1-ibm (Moderate) | 2021-01-04
    oval:org.opensuse.security:def:32828 | P | Security update for python36 (Important) | 2020-12-11
    oval:org.opensuse.security:def:6846 | P | Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP1) (Important) | 2020-12-07
    oval:org.opensuse.security:def:32003 | P | Security update for python-cryptography (Moderate) | 2020-12-04
    oval:org.opensuse.security:def:31561 | P | Security update for postgresql12 (Important) | 2020-12-04
    oval:org.opensuse.security:def:35660 | P | NetworkManager-gnome-0.7.1-5.22.28 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:35835 | P | tomcat6-6.0.18-20.35.36.1 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:35719 | P | ipsec-tools-0.7.3-1.1.93 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:35879 | P | curl-7.19.7-1.26.8 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:35768 | P | libsndfile-1.0.20-2.4.1 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:35668 | P | apache2-mod_jk-1.2.26-1.30.110 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:35807 | P | perl-libwww-perl-5.816-2.23.1 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:35864 | P | apache2-mod_jk-1.2.26-1.30.110 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:32046 | P | Security update for krb5 (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:32789 | P | sudo on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:31859 | P | Security update for curl (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:32369 | P | Security update for tar (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:35116 | P | Security update for the Linux Kernel (Important) | 2020-12-01
    oval:org.opensuse.security:def:25796 | P | Security update for util-linux (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25951 | P | Security update for pcsc-lite (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25295 | P | Security update for python-ipaddress (Important) | 2020-12-01
    oval:org.opensuse.security:def:25840 | P | Security update for libvirt (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26863 | P | apache2-mod_jk on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25426 | P | Security update for the Linux Kernel (Important) | 2020-12-01
    oval:org.opensuse.security:def:25974 | P | Security update for gimp (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26311 | P | Security update for openstack-nova and openstack-neutron (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:27046 | P | tomcat6 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25415 | P | Security update for openldap2 (Important) | 2020-12-01
    oval:org.opensuse.security:def:25632 | P | Security update for aspell (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:31912 | P | Security update for gcc43 (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:31785 | P | Security update for MozillaFirefox (Important) | 2020-12-01
    oval:org.opensuse.security:def:31916 | P | Security update for gd (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:31550 | P | Security update for shim (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:35353 | P | Security update for mysql (Important) | 2020-12-01
    oval:org.opensuse.security:def:31549 | P | Security update for screen (Low) | 2020-12-01
    oval:org.opensuse.security:def:25504 | P | Security update for libvirt (Important) | 2020-12-01
    oval:org.opensuse.security:def:25849 | P | Security update for mariadb (Important) | 2020-12-01
    oval:org.opensuse.security:def:25995 | P | Security update for mariadb (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25423 | P | Security update for mariadb (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25991 | P | Security update for ImageMagick (Important) | 2020-12-01
    oval:org.opensuse.security:def:25490 | P | Security update for the Linux Kernel (Important) | 2020-12-01
    oval:org.opensuse.security:def:26350 | P | Security update for ansible (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:27081 | P | apache2-mod_jk on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25644 | P | Security update for taglib (Low) | 2020-12-01
    oval:org.opensuse.security:def:25633 | P | Security update for perl-DBI (Important) | 2020-12-01
    oval:org.opensuse.security:def:31446 | P | Security update for popt | 2020-12-01
    oval:org.opensuse.security:def:31802 | P | Security update for adns (Important) | 2020-12-01
    oval:org.opensuse.security:def:31956 | P | Security update for gtk2 (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:6770 | P | libtirpc-netconfig on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:31941 | P | Security update for glibc (Important) | 2020-12-01
    oval:org.opensuse.security:def:31417 | P | Security update for php53 (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:32303 | P | Security update for python (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:35410 | P | Security update for openssl (Important) | 2020-12-01
    oval:org.opensuse.security:def:35021 | P | Security update for gstreamer-0_10-plugins-base (Important) | 2020-12-01
    oval:org.opensuse.security:def:25561 | P | Security update for xen (Important) | 2020-12-01
    oval:org.opensuse.security:def:25898 | P | Security update for the Linux Kernel (Important) | 2020-12-01
    oval:org.opensuse.security:def:26633 | P | python on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:35020 | P | Security update for gstreamer-0_10-plugins-base (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25699 | P | Security update for dnsmasq (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25219 | P | Security update for java-1_8_0-ibm (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25618 | P | Security update for python3 (Important) | 2020-12-01
    oval:org.opensuse.security:def:26364 | P | Security update for irssi (Low) | 2020-12-01
    oval:org.opensuse.security:def:25708 | P | Security update for mariadb-100 (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:6778 | P | libvte9 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:31503 | P | Security update for python27 (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:31851 | P | Security update for clamav (Important) | 2020-12-01
    oval:org.opensuse.security:def:32594 | P | perl-Tk on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:31137 | P | Security update for kvm and libvirt | 2020-12-01
    oval:org.opensuse.security:def:31997 | P | Security update for java-1_7_1-ibm (Important) | 2020-12-01
    oval:org.opensuse.security:def:31136 | P | Security update for kvm (Important) | 2020-12-01
    oval:org.opensuse.security:def:31767 | P | Security update for MozillaFirefox (Important) | 2020-12-01
    oval:org.opensuse.security:def:32325 | P | Security update for samba (Important) | 2020-12-01
    oval:org.opensuse.security:def:35500 | P | Security update for postgresql-init (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:35032 | P | Security update for icu | 2020-12-01
    oval:org.opensuse.security:def:25645 | P | Security update for the Linux Kernel (Critical) | 2020-12-01
    oval:org.opensuse.security:def:25937 | P | Security update for the Linux Kernel (Important) | 2020-12-01
    oval:org.opensuse.security:def:26668 | P | apache2-mod_jk on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25231 | P | Security update for gcc9 (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25756 | P | Security update for python, python-base, python-doc (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26828 | P | system-config-printer on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25220 | P | Security update for java-1_8_0-openjdk (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25917 | P | Security update for mariadb (Important) | 2020-12-01
    oval:org.opensuse.security:def:26262 | P | Security update for the Linux Kernel (Important) | 2020-12-01
    oval:org.opensuse.security:def:26408 | P | Security update for phpMyAdmin (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25414 | P | Security update for java-1_7_0-openjdk (Important) | 2020-12-01
    oval:org.opensuse.security:def:25836 | P | Security update for LibreOffice (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:6800 | P | openssh on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:31590 | P | Security update for tiff (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:31890 | P | Security update for exempi (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:32633 | P | apache2-mod_jk on GA media (Moderate) | 2020-12-01
    oval:org.mitre.oval:def:5513 | V | HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS) | 2015-04-20
    apache tomcat jk web server connector 1.2.19
    apache tomcat jk web server connector 1.2.20
    apache tomcat 4.1.34
    apache tomcat 5.5.20
    gentoo linux -
    hp hp-ux b.11.11
    hp hp-ux b.11.23
    hp hp-ux b.11.31
    redhat rhel application server 2