=====================================================================
                                    CERT-Renater

                         Information Note No. 2008/VULN048
_____________________________________________________________________

DATE                      : 15/02/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running mod_jk2 Apache module.

======================================================================
http://www.kb.cert.org/vuls/id/771937
______________________________________________________________________

US-CERT Vulnerability Note VU#771937

Apache mod_jk2 host header buffer overflow

Overview

    A vulnerability exists in the legacy version of the mod_jk2 Apache
    module. If successfully exploited, an attacker may be able to run
    arbitrary code on an affected system.

I. Description

    The host header allows HTTP 1.1 (RFC 2616) compliant servers to
    host multiple domains using a single IP address.

    Per the IOActive Security Advisory Multiple Buffer Overflows in
    legacy mod_jk2 apache module 2.0.3-DEV and earlier:
        mod_jk2 versions less than 2.0.4 are vulnerable to multiple stack
        overflow vulnerabilities. Specifically, IOActive has discovered
        multiple locations where these vulnerabilities are exploitable via
        the Host request header in any given request. These overflows all
        result in remote code execution under the user of the running apache
        process.  Although a legacy module which is end of life, certain
        vendors may use this module in their products rendering them
        vulnerable to remote exploitation.
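
    The following C example is added here and is not code from mod_jk2,
    IOActive or US-CERT. It shows the length check whose absence defines
    this class of stack overflow: the Host value is measured and validated
    before it is copied into a fixed-size buffer. The function name, the
    return codes and the 256-byte limit are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define HOST_BUF_LEN 256   /* assumed limit, not taken from mod_jk2 */
enum { HOST_OK = 0, HOST_MISSING = -1, HOST_TOO_LONG = -2, HOST_INVALID = -3 };

/* Case-insensitive match of a header name at the start of a line. */
static int is_header(const char *line, size_t len, const char *name)
{
    size_t n = strlen(name);
    if (len < n) return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)line[i]) != tolower((unsigned char)name[i]))
            return 0;
    return 1;
}

/* Find the Host header in a NUL-terminated request head and copy its value
 * into out. The length is checked against outlen BEFORE any copy; copying a
 * request-controlled string into a fixed stack buffer without that check is
 * the general defect class the advisory describes. */
int copy_host_header(const char *req, char *out, size_t outlen)
{
    const char *p = req, *eol;
    if (outlen == 0) return HOST_TOO_LONG;
    out[0] = '\0';
    /* Walk header lines until the empty line that ends the request head. */
    while ((eol = strstr(p, "\r\n")) != NULL && eol != p) {
        if (is_header(p, (size_t)(eol - p), "host:")) {
            const char *v = p + 5, *e = eol;
            while (v < e && (*v == ' ' || *v == '\t')) v++;        /* trim left  */
            while (e > v && (e[-1] == ' ' || e[-1] == '\t')) e--;  /* trim right */
            size_t len = (size_t)(e - v);
            if (len == 0) return HOST_INVALID;
            if (len >= outlen) return HOST_TOO_LONG;   /* keep room for the NUL */
            for (size_t i = 0; i < len; i++) {         /* host[:port] characters only */
                unsigned char c = (unsigned char)v[i];
                if (!isalnum(c) && !strchr(".-:[]", c)) return HOST_INVALID;
            }
            memcpy(out, v, len);
            out[len] = '\0';
            return HOST_OK;
        }
        p = eol + 2;
    }
    return HOST_MISSING;
}
```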

II. Impact

    A remote, unauthenticated attacker may be able to execute arbitrary
    code.

III. Solution

    Upgrade

    mod_jk2 2.0.4 addresses this issue.

Systems Affected

    Vendor                         Status     Date Updated
    Apache HTTP Server Project     Vulnerable 14-Feb-2008

References

    http://www.ioactive.com/vulnerabilities/mod_jk2LegacyBufferOverflowAdvisory.pdf
    http://today.java.net/pub/n/mod_jk22.0.4
    http://www.w3.org/Protocols/rfc2616/rfc2616.html
    http://www.jmarshall.com/easy/http/#http1.1c1

Credit

    Thanks to IOActive for information that was used in this report.

    This document was written by Ryan Giobbi.

Other Information

                 Date Public 02/13/2008
        Date First Published 02/14/2008 08:19:59 AM
           Date Last Updated 02/14/2008
               CERT Advisory
                    CVE Name CVE-2007-6258
    US-CERT Technical Alerts
                      Metric 4.80
           Document Revision 7


======================================================================

           =========================================================
           CERT-Renater reference servers
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================




