2 Replies Latest reply on Apr 15, 2005 12:30 AM by k.badri

    mod_cookies security issue on JBoss/Tomcat

    k.badri

      We had an internal security scan run in our intranet and Norton reported this vulnerability in Tomcat installed on JBoss. Has anyone else run into this problem? Any solutions to overcome this?

      -----

      The Apache HTTP server has an optional module mod_cookies that could allow a remote attacker to overflow an internal buffer in the Web server and execute arbitrary bytecode on the Web server. The mod_cookies module is compiled into the Web server, and is not installed by default in any versions of Apache. Apache HTTP servers up to v1.1.1 may be vulnerable to this overflow, if this module has been compiled into the server.
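
A triage check for the finding quoted above, as an added example that is not part of the original post or of the scanner: it encodes the advisory's three conditions (Apache HTTP server, version up to 1.1.1, mod_cookies compiled in). The function names, sample banners and module list are constructed for illustration, and it assumes you have the HTTP `Server` banner and, for a real httpd, a module list in the format `httpd -l` prints.

```python
import re

# Conditions from the advisory text: the product is the Apache HTTP server,
# the version is at most 1.1.1, and mod_cookies is compiled into the binary.
MAX_AFFECTED = (1, 1, 1)
BANNER_RE = re.compile(r"^Apache/(\d+(?:\.\d+)*)")

# Constructed sample of a compiled-in module listing.
SAMPLE_MODULES = "Compiled-in modules:\n  http_core.c\n  mod_cookies.c\n"


def httpd_version(server_banner):
    """Return a 3-part httpd version tuple, or None if this is not Apache httpd."""
    m = BANNER_RE.match(server_banner.strip())
    if not m:
        # "Apache-Coyote/1.1" (Tomcat's Coyote connector) lands here:
        # the "1.1" in that banner is not an httpd version.
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))[:3]


def has_mod_cookies(module_listing):
    """True if the module listing contains mod_cookies.c."""
    return any(l.strip() == "mod_cookies.c" for l in module_listing.splitlines())


def finding_applies(server_banner, module_listing=""):
    """Return (applies, reason) for the mod_cookies overflow finding."""
    version = httpd_version(server_banner)
    if version is None:
        return False, "banner is not Apache httpd"
    if version > MAX_AFFECTED:
        return False, "httpd version is newer than 1.1.1"
    if not has_mod_cookies(module_listing):
        return False, "mod_cookies is not compiled in"
    return True, "httpd <= 1.1.1 with mod_cookies compiled in"


if __name__ == "__main__":
    # Constructed banners: Tomcat connector, old httpd, later httpd.
    for banner in ("Apache-Coyote/1.1", "Apache/1.1.1", "Apache/1.3.33 (Unix)"):
        print(banner, "->", finding_applies(banner, SAMPLE_MODULES))
```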