[SECURITY] CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow

Posted by Mark Thomas on Oct 11

CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected:
– Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.41

Description
The IIS/ISAPI specific code implements special handling when a virtual
host is present. The virtual host name and the URI are concatenated to
create a virtual host mapping rule. The length checks prior to writing
to the target buffer for this…
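
An added example, not code from the JK connector or from this advisory: a bounded concatenation of a virtual host name and a URI into a fixed-size buffer, where one length check covers both parts plus the terminator before anything is written. The function name, buffer sizes and sample values are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/*
 * Hypothetical helper (not the connector's API): write vhost followed by
 * uri into out, which holds out_size bytes. Returns 0 on success, -1 if
 * the arguments are invalid or the result would not fit.
 */
int build_vhost_rule(char *out, size_t out_size,
                     const char *vhost, const char *uri)
{
    size_t vlen, ulen;

    if (out == NULL || out_size == 0 || vhost == NULL || uri == NULL)
        return -1;

    /* Fail closed: the caller never sees stale or partial data. */
    out[0] = '\0';

    vlen = strlen(vhost);
    ulen = strlen(uri);

    /*
     * Check the combined length, not each part on its own.
     * Required space is vlen + ulen + 1 (NUL terminator). The comparison
     * is arranged as subtractions so the sum cannot wrap around size_t.
     */
    if (vlen >= out_size || ulen >= out_size - vlen)
        return -1;

    /* Both lengths are now known to fit, so plain copies are safe. */
    memcpy(out, vhost, vlen);
    memcpy(out + vlen, uri, ulen);
    out[vlen + ulen] = '\0';
    return 0;
}
```

A caller that gets -1 should reject the request rather than fall back to a truncated rule, since a truncated host or URI could match a different mapping.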
