Re: CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow

2016-10-07 Thread Konstantin Kolinko
create a virtual host mapping rule. The length checks prior to writing to the target buffer for this rule did not take account of the length of the virtual host name, creating the potential for a buffer overflow. It is not known if this overflow is exploitable. [/q] The issue is caused by incorrect hand

CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow

2016-10-07 Thread Markus Koschany
Hello, the recent security announcement for Apache Tomcat JK (CVE-2016-6808) mentions that only IIS/ISAPI specific code is vulnerable. This issue was apparently fixed in [1]. The vulnerable code is in the map_uri_to_worker_ext function which is used by the IIS, Apache 1.3 and Apache 2.0

[SECURITY] CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow

2016-10-06 Thread Mark Thomas
CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.41 Description The IIS/ISAPI specific code implements special handling when a virtual host is present

Re: mod-jk (1.2.37) crashes Apache 2 (2.4.7) occasionally with a buffer overflow on Ubuntu 14.04 x64

2016-07-25 Thread Michael Diener
July 2016 at 16:56, Christopher Schultz < > ch...@christopherschultz.net> wrote: > >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA256 >> >> Michael, >> >> On 7/18/16 10:10 AM, Christopher Schultz wrote: >> > Michael, >> > >> >

Re: mod-jk (1.2.37) crashes Apache 2 (2.4.7) occasionally with a buffer overflow on Ubuntu 14.04 x64

2016-07-19 Thread Michael Diener
BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Michael, > > On 7/18/16 10:10 AM, Christopher Schultz wrote: > > Michael, > > > > On 7/18/16 8:53 AM, Michael Diener wrote: > >> On 6 July 2016 at 00:09, Christopher Schultz > >> <ch...@christophe

Re: mod-jk (1.2.37) crashes Apache 2 (2.4.7) occasionally with a buffer overflow on Ubuntu 14.04 x64

2016-07-18 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Michael, On 7/18/16 10:10 AM, Christopher Schultz wrote: > Michael, > > On 7/18/16 8:53 AM, Michael Diener wrote: >> On 6 July 2016 at 00:09, Christopher Schultz >> <ch...@christopherschultz.net> wrote: > >>

Re: mod-jk (1.2.37) crashes Apache 2 (2.4.7) occasionally with a buffer overflow on Ubuntu 14.04 x64

2016-07-18 Thread Christopher Schultz
oll() is part of the POSIX.1-2001, not all supported platforms also support that standard. So we'll probably need to have a fallback mode that uses select() instead of poll() when poll() isn't available. That probably also means that we need to detect the unavailability of poll() and (a) issue a warning t

Re: mod-jk (1.2.37) crashes Apache 2 (2.4.7) occasionally with a buffer overflow on Ubuntu 14.04 x64

2016-07-18 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Michael, On 7/18/16 8:53 AM, Michael Diener wrote: > On 6 July 2016 at 00:09, Christopher Schultz > <ch...@christopherschultz.net> wrote: > >>> From what I understand a buffer overflow would only happen for >>> FD

Re: mod-jk (1.2.37) crashes Apache 2 (2.4.7) occasionally with a buffer overflow on Ubuntu 14.04 x64

2016-07-18 Thread Michael Diener
On 6 July 2016 at 00:09, Christopher Schultz <ch...@christopherschultz.net> wrote: > > From what I understand a buffer overflow would only happen for > > FD_SET if the fd_set gets over 1024 descriptors. I made sure that > > my ulimit for open files is set and applied

Re: mod-jk (1.2.37) crashes Apache 2 (2.4.7) occasionally with a buffer overflow on Ubuntu 14.04 x64

2016-07-05 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Michael, On 7/5/16 11:31 AM, Michael Diener wrote: > Alright, I did my homework this time and worked with a self > compiled version of mod_jk (1.2.41). Still the same error is > happening. I traced the buffer overflow down to

Re: mod-jk (1.2.37) crashes Apache 2 (2.4.7) occasionally with a buffer overflow on Ubuntu 14.04 x64

2016-07-05 Thread Michael Diener
Alright, I did my homework this time and worked with a self compiled version of mod_jk (1.2.41). Still the same error is happening. I traced the buffer overflow down to line 291 in jk_connect.c (nb_connect): 280> do { 281>rc = connect(sd, (const struct sockaddr *)>sa.sin, ad

Re: mod-jk (1.2.37) crashes Apache 2 (2.4.7) occasionally with a buffer overflow on Ubuntu 14.04 x64

2016-06-30 Thread Michael Diener
Thank you Rainer! On 29 June 2016 at 14:50, Rainer Jung wrote: > Can you reproduce? Does it also happen on a test system? It only happens on a live system and I'm not able to reproduce it. > Latest we provide in the project is 1.2.41. It is pretty easy to compile >

Re: mod-jk (1.2.37) crashes Apache 2 (2.4.7) occasionally with a buffer overflow on Ubuntu 14.04 x64

2016-06-29 Thread Rainer Jung
nvironment (build 1.6.0_45-b06) Java HotSpot(TM) 64-Bit Server VM (build 20.45-b01, mixed mode) /var/log/apache2/error.log **** buffer overflow detected ***: /usr/sbin/apache2 terminated=== Backtrace: =/lib/x86_64-linux-gnu/libc.so.6(+0x7329f)[0x7fe9aa7de29f]/lib/x86_64-linux-gnu

mod-jk (1.2.37) crashes Apache 2 (2.4.7) occasionally with a buffer overflow on Ubuntu 14.04 x64

2016-06-29 Thread Michael Diener
ava(TM) SE Runtime Environment (build 1.6.0_45-b06) Java HotSpot(TM) 64-Bit Server VM (build 20.45-b01, mixed mode) /var/log/apache2/error.log **** buffer overflow detected ***: /usr/sbin/apache2 terminated=== Backtrace: =/lib/x86_64-linux-gnu/libc.so.6(+0x7329f)[0x7f

Buffer Overflow

2010-11-16 Thread Tyson Lowery
reproduce the issue. The JSP page reads and writes custom cookies. Any ideas on what might be happening, or on how to get more information (like what is actually in the header)? Nov 15, 2010 11:48:00 PM org.apache.jk.common.MsgAjp cpBytes SEVERE: Buffer overflow: buffer.len=8192 pos=8190 data=103

Re: Buffer Overflow

2010-11-16 Thread Christopher Schultz
to emit messages for the org.apache.jk package tree. It looks like the code is generating debug messages if the logging system is configured to capture them. Nov 15, 2010 11:48:00 PM org.apache.jk.common.MsgAjp cpBytes SEVERE: Buffer overflow: buffer.len=8192 pos=8190 data=103 8192 is the default

Re: Apache Cookie Buffer Overflow

2006-05-25 Thread devlists
bundled with Apache Tomcat/5.5.9 Our current environment is: Windows 2003 SP1 JBOSS 4.0.2 JVM Version: 1.4.2_11-b06 Apache Tomcat/5.5.9 Our security scanner has picked up 2 security vulnerabilities on this server. Apache Cookie Buffer Overflow HTTP Buffer Overflows Our security scanner