VYPR

Tomcat Jk Web Server Connector

by Apache

CVEs (2)

  • CVE-2007-0774Mar 4, 2007
    risk 0.10cvss epss 0.82

    Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that…

  • CVE-2007-1860May 25, 2007
    risk 0.01cvss epss 0.13

    mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded ..…