CVE-2006-7197 — Buffer Over-read in Apache Tomcat

CWE-126 — Buffer Over-read6 documents6 sources

Severity

7.8HIGHNVD

EPSS

2.6%

top 14.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Tomcat

Timeline

PublishedApr 25

Latest updateMay 1

Description

The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.

CVSS vector

AV:N/AC:L/C:C/I:N/A:NExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

▶NVDapache/tomcat5.5.15

Patches

Patch: issues.apache.org ↗Patch: issues.apache.org ↗

🔴Vulnerability Details

OSV

Apache Tomcat Buffer Over-Read↗2022-05-01

▶

GHSA

Apache Tomcat Buffer Over-Read↗2022-05-01

▶

CVEList

CVE-2006-7197: The AJP connector in Apache Tomcat 5↗2007-04-25

▶

📋Vendor Advisories

Red Hat

mod_jk chunk too long↗2006-03-05

▶

💬Community

Bugzilla

CVE-2006-7197 mod_jk chunk too long↗2008-01-29

▶