7.8
HIGH

CVE-2006-7197

Published: 25/04/2007 Updated: 05/09/2008
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

Vulnerability Summary

The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Access Complexity: LOW
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE

Affected Products

Vendor Product Versions
ApacheTomcat5.5.15

References