Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-6258Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache MOD JK

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
7.5HIGHNVD
EPSS
39.4%
top 2.70%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Apache MOD JKF5 Big-ip
Timeline
PublishedFeb 19
Latest updateMay 1

Description

Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDapache/mod_jk4 versions+3
NVDf5/big-ip9.2.3.30

Patches

Patch: www.kb.cert.orgPatch: www.securityfocus.comPatch: www.kb.cert.org

🔴Vulnerability Details

2
GHSA
GHSA-876h-mvf6-c8m6: Multiple stack-based buffer overflows in the legacy mod_jk2 22022-05-01
CVEList
CVE-2007-6258: Multiple stack-based buffer overflows in the legacy mod_jk2 22008-02-18

💥Exploits & PoCs

1
Exploit-DB
Apache Tomcat Connector jk2-2.0.2 mod_jk2 - Remote Overflow2008-04-06
CVE-2007-6258 — Apache MOD JK vulnerability | cvebase