I believe the version affected is REDHAT mod_jk, but you can
double-check.

 

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jayan
Chirayath Kurian
Sent: Monday, 5 March 2007 5:35 PM
To: [email protected]
Subject: [Dspace-tech] Apache Tomcat JK Web Server Connector

 

Hi! 

 

Just received a message from our system administration regarding Apache
Tomcat. Has anyone experienced this while accessing DSpace remotely?

 

Thanks,

Jayan.

 

Message summary:-

A vulnerability was reported in Apache Tomcat JK Web Server Connector. A
remote user can execute arbitrary code on the target system. A remote
user can send a specially crafted URL that is longer than 4095 characters
to trigger a stack overflow in the map_uri_to_worker() function in the
'mod_jk.so' library and execute arbitrary code on the target system. The
code will run with the privileges of the target service.

 

[Version Affected] 

Only versions 1.2.19 and 1.2.20 of the Apache Tomcat JK Web Server
Connector are affected.

Tomcat 4.1.34 and 5.5.20 are affected too.
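
A defender's check for the condition the message summary describes, as an added example that is not part of the original thread: it scans Apache access-log lines for request URIs longer than 4095 characters. The common/combined log format, the sample lines and all function names are assumptions made for illustration.

```python
import re

# Length threshold taken from the advisory text quoted above.
MAX_URI_LEN = 4095

# Assumed Apache common/combined log format prefix:
# host ident user [time] "request line" status ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>.*?)" (?P<status>\d{3}) '
)

def request_uri(request):
    """Extract the URI from 'METHOD URI PROTOCOL'; fall back to the raw field."""
    parts = request.split(" ")
    return parts[1] if len(parts) >= 2 else request

def find_overlong(lines, limit=MAX_URI_LEN):
    """Return (line_no, host, time, status, uri_len) for URIs longer than limit."""
    hits = []
    for line_no, line in enumerate(lines, start=1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        uri_len = len(request_uri(m.group("request")))
        if uri_len > limit:
            hits.append((line_no, m.group("host"), m.group("time"),
                         int(m.group("status")), uri_len))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Mar/2007:17:30:01 +1100] '
    '"GET /dspace/handle/1234/56 HTTP/1.1" 200 5120 "-" "-"',
    # URI of exactly 4095 characters: at the limit, so not reported.
    '198.51.100.4 - - [05/Mar/2007:17:31:12 +1100] '
    '"GET /dspace/' + "a" * (4095 - 8) + ' HTTP/1.1" 404 210 "-" "-"',
    # URI of 4208 characters: longer than the limit, so reported.
    '203.0.113.7 - - [05/Mar/2007:17:32:40 +1100] '
    '"GET /dspace/' + "a" * 4200 + ' HTTP/1.1" 500 0 "-" "-"',
]

if __name__ == "__main__":
    for line_no, host, when, status, uri_len in find_overlong(SAMPLE_LOG):
        print(f"line {line_no}: {host} at {when} status={status} uri_len={uri_len}")
```

A hit shows only that an overlong URL was requested; it says nothing about whether the installed mod_jk is one of the affected versions.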

 

 
