Upstream information
Description
Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
| CVSS detail | National Vulnerability Database |
|---|---|
| Base Score | 7.5 |
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Linux Enterprise Server 11 SP2 |
| Patchnames: SUSE Linux Enterprise Server 11 SP2 GA apache2-mod_jk-1.2.26-1.30.110 |
| SUSE Linux Enterprise Server 11 SP3 |
| Patchnames: SUSE Linux Enterprise Server 11 SP3 GA apache2-mod_jk-1.2.26-1.30.110 |
| SUSE Linux Enterprise Server 11 SP4 |
| Patchnames: SUSE Linux Enterprise Server 11 SP4 GA apache2-mod_jk-1.2.40-0.2.1 |
| SUSE Linux Enterprise Server 12 |
| Patchnames: SUSE Linux Enterprise Server 12 GA apache2-mod_jk-1.2.40-1.17 |
| openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2024-10625 |
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 02:11:14 2013CVE page last modified: Sat Nov 1 19:19:25 2025