create a virtual host mapping rule. The length checks prior to writing
to the target buffer for this rule did not take account of the length of
the virtual host name, creating the potential for a buffer overflow.
It is not known if this overflow is exploitable.
[/q]
The issue is caused by incorrect hand
Hello,
the recent security announcement for Apache Tomcat JK (CVE-2016-6808)
mentions that only IIS/ISAPI specific code is vulnerable. This issue was
apparently fixed in [1]. The vulnerable code is in the
map_uri_to_worker_ext function which is used by the IIS, Apache 1.3 and
Apache 2.0
CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
- Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.41
Description
The IIS/ISAPI specific code implements special handling when a virtual
host is present
July 2016 at 16:56, Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> Michael,
>>
>> On 7/18/16 10:10 AM, Christopher Schultz wrote:
>> > Michael,
>> >
>> >
BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Michael,
>
> On 7/18/16 10:10 AM, Christopher Schultz wrote:
> > Michael,
> >
> > On 7/18/16 8:53 AM, Michael Diener wrote:
> >> On 6 July 2016 at 00:09, Christopher Schultz
> >> <ch...@christophe
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Michael,
On 7/18/16 10:10 AM, Christopher Schultz wrote:
> Michael,
>
> On 7/18/16 8:53 AM, Michael Diener wrote:
>> On 6 July 2016 at 00:09, Christopher Schultz
>> <ch...@christopherschultz.net> wrote:
>
>>
oll() is part of the
POSIX.1-2001, not all supported platforms also support that standard.
So we'll probably need to have a fallback mode that uses select()
instead of poll() when poll() isn't available.
That probably also means that we need to detect the unavailability of
poll() and (a) issue a warning t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Michael,
On 7/18/16 8:53 AM, Michael Diener wrote:
> On 6 July 2016 at 00:09, Christopher Schultz
> <ch...@christopherschultz.net> wrote:
>
>>> From what I understand a buffer overflow would only happen for
>>> FD
On 6 July 2016 at 00:09, Christopher Schultz <ch...@christopherschultz.net>
wrote:
> > From what I understand a buffer overflow would only happen for
> > FD_SET if the fd_set gets over 1024 descriptors. I made sure that
> > my ulimit for open files is set and applied
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Michael,
On 7/5/16 11:31 AM, Michael Diener wrote:
> Alright, I did my homework this time and worked with a self
> compiled version of mod_jk (1.2.41). Still the same error is
> happening. I traced the buffer overflow down to
Alright, I did my homework this time and worked with a self compiled
version of mod_jk (1.2.41). Still the same error is happening. I traced the
buffer overflow down to line 291 in jk_connect.c (nb_connect):
280> do {
281>rc = connect(sd, (const struct sockaddr *)>sa.sin,
ad
Thank you Rainer!
On 29 June 2016 at 14:50, Rainer Jung wrote:
> Can you reproduce? Does it also happen on a test system?
It only happens on a live system and I'm not able to reproduce it.
> Latest we provide in the project is 1.2.41. It is pretty easy to compile
>
nvironment (build 1.6.0_45-b06)
Java HotSpot(TM) 64-Bit Server VM (build 20.45-b01, mixed mode)
/var/log/apache2/error.log
**** buffer overflow detected ***: /usr/sbin/apache2 terminated===
Backtrace:
=/lib/x86_64-linux-gnu/libc.so.6(+0x7329f)[0x7fe9aa7de29f]/lib/x86_64-linux-gnu
ava(TM) SE Runtime Environment (build 1.6.0_45-b06)
Java HotSpot(TM) 64-Bit Server VM (build 20.45-b01, mixed mode)
/var/log/apache2/error.log
**** buffer overflow detected ***: /usr/sbin/apache2 terminated===
Backtrace:
=/lib/x86_64-linux-gnu/libc.so.6(+0x7329f)[0x7f
reproduce the issue.
The JSP page reads and writes custom cookies.
Any ideas on what might be happening, or on how to get more information
(like what is actually in the header)?
Nov 15, 2010 11:48:00 PM org.apache.jk.common.MsgAjp cpBytes
SEVERE: Buffer overflow: buffer.len=8192 pos=8190 data=103
to emit messages for the
org.apache.jk package tree. It looks like the code is generating debug
messages if the logging system is configured to capture them.
Nov 15, 2010 11:48:00 PM org.apache.jk.common.MsgAjp cpBytes
SEVERE: Buffer overflow: buffer.len=8192 pos=8190 data=103
8192 is the default
bundled with Apache Tomcat/5.5.9
Our current environment is:
Windows 2003 SP1
JBOSS 4.0.2
JVM Version: 1.4.2_11-b06
Apache Tomcat/5.5.9
Our security scanner has picked up 2 security vulnerabilities on this
server.
Apache Cookie Buffer Overflow
HTTP Buffer Overflows
Our security scanner