Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-46544

Опубликовано: 23 сент. 2024
Источник: redhat
CVSS3: 5.9

Описание

Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on Unix like systems is affected. Neither the ISAPI redirector nor mod_jk on Windows is affected. Users are recommended to upgrade to version 1.2.50, which fixes the issue.

An Incorrect Default Permissions vulnerability was found in Apache Tomcat Connectors that allows local users to view and modify shared memory containing mod_jk configuration, which may lead to information disclosure and denial of service.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-276
https://bugzilla.redhat.com/show_bug.cgi?id=2314194mod_jk: information Disclosure / DoS

5.9 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-46544

CVSS3: 5.9
ubuntu
больше 1 года назад

Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on Unix like systems is affected. Neither the ISAPI redirector nor mod_jk on Windows is affected. Users are recommended to upgrade to version 1.2.50, which fixes the issue.

nvd логотип

CVE-2024-46544

CVSS3: 5.9
nvd
больше 1 года назад

Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on Unix like systems is affected. Neither the ISAPI redirector nor mod_jk on Windows is affected. Users are recommended to upgrade to version 1.2.50, which fixes the issue.

debian логотип

CVE-2024-46544

CVSS3: 5.9
debian
больше 1 года назад

Incorrect Default Permissions vulnerability in Apache Tomcat Connector ...

suse-cvrf логотип

SUSE-SU-2025:0143-1

suse-cvrf
12 месяцев назад

Security update for apache2-mod_jk

rocky логотип

RLSA-2024:7457

rocky
8 месяцев назад

Moderate: mod_jk bug fix update

5.9 Medium

CVSS3