CVE-2006-7197

Description

The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the `ajp_process_callback` in mod_jk, which allows remote attackers to read portions of sensitive memory.

How to fix CVE-2006-7197

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• Maven/org.apache.tomcat:tomcat—no fix listed

Is CVE-2006-7197 being exploited?

Low — EPSS is 2.7%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, <= 5.5.15

References (20)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2006-7197
• PATCHgithub.com/apache/tomcat
• WEBissues.apache.org/bugzilla/show_bug.cgi?id=38859
• WEBaccess.redhat.com/errata/RHSA-2008:0261