Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-y2ux-nm69-uuam
Vulnerability ID VCID-y2ux-nm69-uuam
Aliases CVE-2007-0774
Summary The Apache Tomcat Connector (mod_jk) contains a buffer overflow vulnerability that could result in the remote execution of arbitrary code.
Status Published
Exploitability 2.0
Weighted Severity 6.8
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.88357 https://api.first.org/data/v1/epss?cve=CVE-2007-0774
epss 0.88357 https://api.first.org/data/v1/epss?cve=CVE-2007-0774
epss 0.88357 https://api.first.org/data/v1/epss?cve=CVE-2007-0774
epss 0.88357 https://api.first.org/data/v1/epss?cve=CVE-2007-0774
epss 0.88357 https://api.first.org/data/v1/epss?cve=CVE-2007-0774
epss 0.88357 https://api.first.org/data/v1/epss?cve=CVE-2007-0774
epss 0.88357 https://api.first.org/data/v1/epss?cve=CVE-2007-0774
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2007-0774
Reference id Reference type URL
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0774.json
https://api.first.org/data/v1/epss?cve=CVE-2007-0774
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774
http://secunia.com/advisories/24398
http://secunia.com/advisories/24558
http://secunia.com/advisories/27037
http://secunia.com/advisories/28711
http://securitytracker.com/id?1017719
https://exchange.xforce.ibmcloud.com/vulnerabilities/32794
https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5513
http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html
http://tomcat.apache.org/security-jk.html
http://www.cisco.com/en/US/products/products_security_advisory09186a008093f040.shtml
http://www.gentoo.org/security/en/glsa/glsa-200703-16.xml
http://www.redhat.com/support/errata/RHSA-2007-0096.html
http://www.securityfocus.com/archive/1/461734/100/0/threaded
http://www.securityfocus.com/bid/22791
http://www.vupen.com/english/advisories/2007/0809
http://www.vupen.com/english/advisories/2007/3386
http://www.vupen.com/english/advisories/2008/0331
1618272 https://bugzilla.redhat.com/show_bug.cgi?id=1618272
cpe:2.3:a:apache:tomcat_jk_web_server_connector:1.2.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat_jk_web_server_connector:1.2.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat_jk_web_server_connector:1.2.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat_jk_web_server_connector:1.2.20:*:*:*:*:*:*:*
CVE-2007-0774 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/4162.c
CVE-2007-0774 https://nvd.nist.gov/vuln/detail/CVE-2007-0774
CVE-2007-0774;OSVDB-33855 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/16798.rb
CVE-2007-0774;OSVDB-33855 Exploit http://www.zerodayinitiative.com/advisories/ZDI-07-008.html
GLSA-200703-16 https://security.gentoo.org/glsa/200703-16
RHSA-2007:0096 https://access.redhat.com/errata/RHSA-2007:0096
RHSA-2007:0164 https://access.redhat.com/errata/RHSA-2007:0164
Data source Exploit-DB
Date added July 25, 2010
Description Apache Tomcat mod_jk 1.2.20 - Remote Buffer Overflow (Metasploit)
Ransomware campaign use Known
Source publication date July 25, 2010
Exploit type remote
Platform windows
Source update date Oct. 27, 2016
Source URL http://www.zerodayinitiative.com/advisories/ZDI-07-008.html
Data source Metasploit
Description This is a stack buffer overflow exploit for mod_jk 1.2.20. Should work on any Win32 OS.
Note 
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
Ransomware campaign use Unknown
Source publication date March 2, 2007
Platform Windows
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/windows/http/apache_modjk_overflow.rb
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2007-0774
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.9949
EPSS Score 0.88357
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:10:16.667724+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/200703-16 38.0.0