Intrusion Prevention

Apache.Tomcat.JK.Web.Server.Connector.Long.URL.Stack.Overflow

Description

This indicates an attack attempt to exploit a Buffer Overflow vulnerability in Apache Tomcat.
The vulnerability is due to an improper boundary check condition in the application when parsing overly long URI. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application, via a crafted HTTP request.

Affected Products

Tomcat JK Web Server Connector 1.2.19
Tomcat JK Web Server Connector 1.2.20
Tomcat 4.1.34
Tomcat 5.5.20

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to the latest version available from the website.
http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html

CVE References

CVE-2007-0774 CVE-2002-1992