| Description: | | There exists a stack overflow vulnerability in Apache Tomcat JK Web Server Connector. The vulnerability is due to a boundary error in URL handler of the affected module. A remote unauthenticated attacker can exploit this vulnerability by sending crafted requests to the target host. Successful exploitation would allow the attacker to execute arbitrary code on the vulnerable system with privileges of the running process, normally System. In a sophisticated attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected service, which is normally the System. In an attack case where code injection is not successful, the affected server will terminate and all established connections will also be terminated. |