Apache Tomcat | TOMCAT:F270B688D31CE8B4D2211FBA4D3A755C
Sep 11, 2024 - 12:00 a.m.

Fixed in Apache Tomcat JK Connector 1.2.50

Source: Apache Tomcat (tomcat.apache.org)
Tags: apache tomcat, jk connector, information disclosure, denial of service, cve-2024-46544, unix systems, memory mapped file

AI Score: 6.3 (Confidence: High)
EPSS: 0 (Percentile: 9.6%)

Moderate: Information disclosure / Denial of service CVE-2024-46544

Incorrect default permissions for the memory-mapped file configured by the JkShmFile directive on Unix-like systems allow local users to view and/or modify the contents of the shared memory containing mod_jk configuration and status information. This could result in information disclosure and/or denial of service.

This was fixed with commit d55706e9.

This issue was identified by the Tomcat Security Team on 6 August 2024. The issue was made public on 23 September 2024.

Affects: JK 1.2.9-1.2.49 (mod_jk on Unix-like platforms only)
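
A local check for the condition described above, as an added example that is not part of the advisory or of mod_jk: it reads httpd configuration text, finds JkShmFile directives, and reports shared-memory files whose mode lets other local users view or modify them. The default ServerRoot, the path.* sibling match and the function names are assumptions of this example.

```python
"""Audit mod_jk JkShmFile permissions (added example, not Apache code)."""
import glob
import os
import re
import stat
import sys

# JkShmFile directive at the start of a line; "#"-commented lines do not match.
_DIRECTIVE = re.compile(r'^[ \t]*JkShmFile[ \t]+"?([^"\s]+)"?',
                        re.IGNORECASE | re.MULTILINE)


def shm_paths(conf_text, server_root="/etc/httpd"):
    """Return JkShmFile paths from httpd configuration text."""
    # Assumption: relative paths are joined to server_root (default is a guess).
    return [p if os.path.isabs(p) else os.path.join(server_root, p)
            for p in _DIRECTIVE.findall(conf_text)]


def audit(path):
    """Return (file, mode, issues) for each shm file other local users can reach."""
    # Assumption: files that extend the configured name with a dot suffix
    # (path.*) belong to mod_jk and are checked as well.
    base = glob.escape(path)
    findings = []
    for name in sorted(set(glob.glob(base) + glob.glob(base + ".*"))):
        mode = stat.S_IMODE(os.stat(name).st_mode)
        issues = []
        if mode & stat.S_IROTH:
            issues.append("view")      # information disclosure
        if mode & stat.S_IWOTH:
            issues.append("modify")    # tampering / denial of service
        if issues:
            findings.append((name, oct(mode), issues))
    return findings


if __name__ == "__main__":
    # Usage: python3 audit_jkshm.py /path/to/httpd.conf [more.conf ...]
    bad = []
    for conf in sys.argv[1:]:
        with open(conf, encoding="utf-8", errors="replace") as fh:
            for shm in shm_paths(fh.read()):
                bad.extend(audit(shm))
    for name, mode, issues in bad:
        print(f"{name}: mode {mode}, other users can {' and '.join(issues)}")
    sys.exit(1 if bad else 0)
```

Only the "other" permission bits are flagged; whether group access is acceptable depends on which accounts share the web server's group.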

Affected configurations

Vulners node:
apache tomcat_connectors, Range: 1.2.49
OR
apache tomcat_connectors, Range: 1.2.9

Vendor | Product | Version | CPE
apache | tomcat_connectors | * | cpe:2.3:a:apache:tomcat_connectors:*:*:*:*:*:*:*:*
