CVE-2024-46544 Apache mod_jk - Information Disclosure / DoS
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
- JK 1.2.9-1.2.49 (mod_jk on Unix-like platforms only)
Description:
Incorrect default permissions for the memory mapped file configured by
the JkShmFile directive on Unix-like systems allow local users to view
and/or modify the contents of the shared memory containing mod_jk
configuration and status information. This could result in information
disclosure and/or denial of service.
Mitigation:
Users of the affected versions should apply one of the following
mitigations:
- Upgrade to mod_jk 1.2.50 or later
History:
2024-09-23 Original advisory
References:
[1] https://tomcat.apache.org/security-jk.html
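A check administrators can run while scheduling the upgrade, added here as an example and not part of the original advisory or of mod_jk: it extracts JkShmFile paths from an httpd configuration and reports files that users other than the owner can read or write. The owner-only policy, the default server root, the prefix glob for suffixed sibling files, and the sample file names are assumptions of this example.

```python
import glob, os, re, stat, tempfile

# Uncommented JkShmFile directive; Apache directive names are case-insensitive.
DIRECTIVE = re.compile(r'^[ \t]*JkShmFile[ \t]+(?:"([^"]+)"|(\S+))', re.I | re.M)

def shm_paths(conf_text, server_root="/etc/httpd"):
    """Return JkShmFile paths from conf_text; relative ones resolve against
    server_root (assumed default, pass your own ServerRoot)."""
    return [os.path.normpath(os.path.join(server_root, quoted or bare))
            for quoted, bare in DIRECTIVE.findall(conf_text)]

def audit(path):
    """Return (file, octal mode, findings) for path and files sharing its prefix.
    The prefix glob is an assumption, meant to catch suffixed sibling files."""
    results = []
    for f in sorted(glob.glob(glob.escape(path) + "*")):
        mode = stat.S_IMODE(os.stat(f).st_mode)
        findings = []
        if mode & (stat.S_IRGRP | stat.S_IROTH):
            findings.append("readable beyond owner (information disclosure)")
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append("writable beyond owner (tampering / DoS)")
        results.append((f, oct(mode), findings))
    return results

def demo():
    """Run the audit over a constructed config and constructed files."""
    with tempfile.TemporaryDirectory() as root:
        conf = "# JkShmFile logs/old.shm\nJkShmFile logs/jk.shm\n"
        os.mkdir(os.path.join(root, "logs"))
        for name, mode in (("jk.shm", 0o666), ("jk.shm.lock", 0o600)):
            p = os.path.join(root, "logs", name)
            open(p, "w").close()
            os.chmod(p, mode)  # chmod is not affected by umask
        return [(os.path.basename(f), m, found)
                for path in shm_paths(conf, root)
                for f, m, found in audit(path)]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

On a real host, pass the text of the file that contains the JkShmFile directive and the server's actual ServerRoot to shm_paths, then call audit on each returned path.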