The Apache Tomcat Connector versions 1.2.19 and 1.2.20 have a stack buffer overflow vulnerability in the map_uri_to_worker() function in the mod_jk.so library, triggered by certain long URLs. This allows for arbitrary remote code execution.
Fix: The attached patch updates the www/mod_jk port to 1.2.21, which should have this vulnerability fixed. It would probably be a good idea to make note of this vulnerability in the VuXML document, as it appears to be rather severe.
Patch attached with submission follows:
How-To-Repeat: I have not seen any specific exploits.
Over to maintainer
girgen 2007-03-07 16:02:05 UTC
FreeBSD ports repository
www/mod_jk Makefile distinfo
Upgrade to 1.2.21 to fix a security issue.
Revision  Changes  Path
1.36      +1 -3    ports/www/mod_jk/Makefile
1.14      +3 -3    ports/www/mod_jk/distinfo