| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 6 Oct 2016 11:41:56 +0100 From: Mark Thomas <markt@...che.org> To: "users@...cat.apache.org" <users@...cat.apache.org> Cc: "dev@...cat.apache.org" <dev@...cat.apache.org>, "announce@...cat.apache.org" <announce@...cat.apache.org>, announce@...che.org Subject: [FD] [SECURITY] CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.41 Description The IIS/ISAPI specific code implements special handling when a virtual host is present. The virtual host name and the URI are concatenated to create a virtual host mapping rule. The length checks prior to writing to the target buffer for this rule did not take account of the length of the virtual host name, creating the potential for a buffer overflow. It is not known if this overflow is exploitable. Mitigation Users of affected versions should apply one of the following mitigations - Upgrade to Apache Tomcat JK ISAPI Connector 1.2.42 - Where available, use IIS configuration to restrict the maximum URI length to 4095 - (the length of the longest virtual host name) Credit: This issue was discovered by The Apache Tomcat Security Team. References: [1] http://tomcat.apache.org/security-jk.html _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists