Re: CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow

2016-10-07 Thread Konstantin Kolinko
2016-10-07 18:02 GMT+03:00 Markus Koschany:
> Hello,
>
> the recent security announcement for Apache Tomcat JK (CVE-2016-6808)
> mentions that only IIS/ISAPI specific code is vulnerable. This issue was
> apparently fixed in [1]. The vulnerable code is in the

CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow

2016-10-07 Thread Markus Koschany
Hello, the recent security announcement for Apache Tomcat JK (CVE-2016-6808) mentions that only IIS/ISAPI specific code is vulnerable. This issue was apparently fixed in [1]. The vulnerable code is in the map_uri_to_worker_ext function which is used by the IIS, Apache 1.3 and Apache 2.0

[SECURITY] CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow

2016-10-06 Thread Mark Thomas
CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected:
- Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.41

Description
The IIS/ISAPI specific code implements special handling when a virtual host is present