{
  "id": "CVE-2006-7197",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2007-04-25T20:19:00.000",
  "lastModified": "2023-02-13T02:17:05.377",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory."
    },
    {
      "lang": "es",
      "value": "El conector AJP en Apache Tomcat 5.5.15 utiliza un longitud incorrecta para chunks, lo cual podr\u00eda provocar una lectura m\u00e1s all\u00e1 del l\u00edmite del b\u00fafer en ajp_process_callback en mod_jk, lo cual podr\u00eda permitir a atacantes remotos leer porciones de memoria sensibles.\r\n"
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.8
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "E437055A-0A81-413F-AB08-0E9D0DC9EA30"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=38859",
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ]
    },
    {
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://www.securityfocus.com/bid/28477",
      "source": "secalert@redhat.com"
    },
    {
      "url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E",
      "source": "secalert@redhat.com"
    },
    {
      "url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E",
      "source": "secalert@redhat.com"
    },
    {
      "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E",
      "source": "secalert@redhat.com"
    },
    {
      "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E",
      "source": "secalert@redhat.com"
    },
    {
      "url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E",
      "source": "secalert@redhat.com"
    },
    {
      "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E",
      "source": "secalert@redhat.com"
    }
  ]
}