Description

Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on Unix like systems is affected. Neither the ISAPI redirector nor mod_jk on Windows is affected. Users are recommended to upgrade to version 1.2.50, which fixes the issue.

INFO

Published Date :

2024-09-23T10:43:57.123Z

Last Modified :

2024-10-31T19:59:53.770Z

Source :

apache
AFFECTED PRODUCTS

The following products are affected by CVE-2024-46544 vulnerability.

Vendors Products
Apache
  • Tomcat Connectors
Debian
  • Debian Linux
Redhat
  • Enterprise Linux
  • Jboss Core Services
  • Rhel E4s
  • Rhel Eus
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-46544.

URL Resource
http://www.openwall.com/lists/oss-security/2024/09/23/1 cve-icon
https://lists.apache.org/thread/q1gp7cc38hs1r8gj8gfnopwznd5fpr4d cve-icon cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2024/10/msg00010.html cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-46544 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-46544 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact