High

CVE-2007-6258 - Buffer Errors vulnerability in multiple products

Publication: 2008-02-19
Summary

Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.

Classification
CWE-119: Buffer Errors

Risk level (CVSS 7.5)

High

7.5

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Apache Software Foundation MOD JK 2.0
  • Apache Software Foundation MOD JK 2.0.1
  • Apache Software Foundation MOD JK 2.0.2
  • Apache Software Foundation MOD JK 2.0.3_dev
  • F5 BIG-IP 9.2.3.30