Return-Path: <announce-return-3418-archive-asf-public=cust-asf.ponee.io@apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 0E3BC200B96
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Thu,  6 Oct 2016 12:55:00 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id 0CCC8160AE0; Thu,  6 Oct 2016 10:55:00 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 3FB8D160AAD
	for <archive-asf-public@cust-asf.ponee.io>; Thu,  6 Oct 2016 12:54:59 +0200 (CEST)
Received: (qmail 49239 invoked by uid 500); 6 Oct 2016 10:54:43 -0000
Mailing-List: contact announce-help@apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:announce-help@apache.org>
List-Unsubscribe: <mailto:announce-unsubscribe@apache.org>
List-Post: <mailto:announce@apache.org>
List-Id: <announce.apache.org>
Delivered-To: mailing list announce@apache.org
Delivered-To: moderator for announce@apache.org
Received: (qmail 5892 invoked by uid 99); 6 Oct 2016 10:42:46 -0000
From: Mark Thomas <markt@apache.org>
Subject: [SECURITY] CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer
 overflow
To: "users@tomcat.apache.org" <users@tomcat.apache.org>
Cc: "announce@tomcat.apache.org" <announce@tomcat.apache.org>,
 announce@apache.org, "dev@tomcat.apache.org" <dev@tomcat.apache.org>
Message-ID: <d4132868-5af1-b8f3-b3b2-b32e86e2f822@apache.org>
Date: Thu, 6 Oct 2016 11:41:56 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.4.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
archived-at: Thu, 06 Oct 2016 10:55:00 -0000

CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected:
- Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.41

Description
The IIS/ISAPI specific code implements special handling when a virtual
host is present. The virtual host name and the URI are concatenated to
create a virtual host mapping rule. The length checks prior to writing
to the target buffer for this rule did not take account of the length of
the virtual host name, creating the potential for a buffer overflow.
It is not known if this overflow is exploitable.

Mitigation
Users of affected versions should apply one of the following mitigations
- Upgrade to Apache Tomcat JK ISAPI Connector 1.2.42
- Where available, use IIS configuration to restrict the maximum URI
  length to 4095 - (the length of the longest virtual host name)

Credit:
This issue was discovered by The Apache Tomcat Security Team.


References:
[1] http://tomcat.apache.org/security-jk.html