Moderate: Information disclosure / Denial of service CVE-2024-46544
Incorrect default permissions for the memory-mapped file configured by the JkShmFile directive on Unix-like systems allow local users to view and/or modify the contents of the shared memory containing mod_jk configuration and status information. This could result in information disclosure and/or denial of service.
This was fixed with commit d55706e9.
This issue was identified by the Tomcat Security Team on 6 August 2024. The issue was made public on 23 September 2024.
Affects: JK 1.2.9-1.2.49 (mod_jk on Unix-like platforms only)
Vendor | Product | Version | CPE |
---|---|---|---|
apache | tomcat_connectors | * | cpe:2.3:a:apache:tomcat_connectors:*:*:*:*:*:*:*:* |
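
To check a host for the permission problem this advisory describes, the following added example (not code from the Tomcat project) reads the JkShmFile directives from an httpd configuration and reports any shared memory file that group or other local users can read or write. The function names, the default `server_root`, the treatment of any group/other read or write bit as a finding, and the matching of files named with a suffix after the configured path are assumptions of this example.

```python
import glob
import os
import re
import stat
import sys

# Apache directive names are case-insensitive; the value may be quoted.
# Anchoring at line start skips directives that are commented out with '#'.
_DIRECTIVE = re.compile(r'^\s*JkShmFile\s+(?:"([^"]+)"|(\S+))', re.I | re.M)


def shm_paths(config_text, server_root="/etc/httpd"):
    """Return JkShmFile values, resolved against server_root (assumed default)."""
    return [os.path.normpath(os.path.join(server_root, quoted or bare))
            for quoted, bare in _DIRECTIVE.findall(config_text)]


def exposed_bits(path):
    """Return the group/other read/write permission bits set on path."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    names = {stat.S_IRGRP: "group-read", stat.S_IWGRP: "group-write",
             stat.S_IROTH: "other-read", stat.S_IWOTH: "other-write"}
    return [name for bit, name in names.items() if mode & bit]


def audit(config_text, server_root="/etc/httpd"):
    """Map each shared memory file found on disk to its exposed bits."""
    findings = {}
    for base in shm_paths(config_text, server_root):
        # Assumption: the file on disk may carry a suffix after the
        # configured name, so check both the name itself and name.*
        pattern = glob.escape(base)
        for path in sorted(set(glob.glob(pattern) + glob.glob(pattern + ".*"))):
            bits = exposed_bits(path)
            if bits:
                findings[path] = bits
    return findings


if __name__ == "__main__":
    # Usage: script.py <httpd config file> [ServerRoot]
    with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    root = sys.argv[2] if len(sys.argv) > 2 else "/etc/httpd"
    for path, bits in audit(text, root).items():
        print(f"{path}: accessible to other local users ({', '.join(bits)})")
    # A file with none of these bits set produces no output.
```

Included configuration files are not followed; run it against each file that may contain a JkShmFile directive.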