Posted by Mark Thomas on Oct 11
CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
– Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.41
Description
The IIS/ISAPI specific code implements special handling when a virtual
host is present. The virtual host name and the URI are concatenated to
create a virtual host mapping rule. The length checks prior to writing
to the target buffer for this…