2016-10-07 18:02 GMT+03:00 Markus Koschany:
> Hello,
>
> the recent security announcement for Apache Tomcat JK (CVE-2016-6808)
> mentions that only IIS/ISAPI specific code is vulnerable. This issue was
> apparently fixed in [1]. The vulnerable code is in the
>

Hello,

the recent security announcement for Apache Tomcat JK (CVE-2016-6808)
mentions that only IIS/ISAPI specific code is vulnerable. This issue was
apparently fixed in [1]. The vulnerable code is in the
map_uri_to_worker_ext function which is used by the IIS, Apache 1.3 and
Apache 2.0

CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected:
- Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.41

Description
The IIS/ISAPI specific code implements special handling when a virtual
host is present