Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on Unix like systems is affected. Neither the ISAPI redirector nor mod_jk on Windows is affected. Users are recommended to upgrade to version 1.2.50, which fixes the issue.
History

Thu, 07 Nov 2024 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_e4s:9.0
cpe:/a:redhat:rhel_eus:9.2
Vendors & Products Redhat rhel E4s
Redhat rhel Eus

Wed, 09 Oct 2024 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:9
Vendors & Products Redhat enterprise Linux

Wed, 02 Oct 2024 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat jboss Core Services
CPEs cpe:/a:redhat:jboss_core_services:1
cpe:/a:redhat:jboss_core_services:1::el7
cpe:/a:redhat:jboss_core_services:1::el8
Vendors & Products Redhat
Redhat jboss Core Services

Mon, 23 Sep 2024 20:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

threat_severity

Moderate


Mon, 23 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 23 Sep 2024 10:45:00 +0000

Type Values Removed Values Added
Description Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on Unix like systems is affected. Neither the ISAPI redirector nor mod_jk on Windows is affected. Users are recommended to upgrade to version 1.2.50, which fixes the issue.
Title Apache Tomcat Connectors: mod_jk: local users can view and modify configuration
Weaknesses CWE-276
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-09-23T10:43:57.123Z

Updated: 2024-10-31T19:59:53.770Z

Reserved: 2024-09-11T07:19:56.829Z

Link: CVE-2024-46544

cve-icon Vulnrichment

Updated: 2024-10-14T21:02:40.154Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-09-23T11:15:10.563

Modified: 2024-10-31T20:35:06.390

Link: CVE-2024-46544

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-09-23T11:15:10Z

Links: CVE-2024-46544 - Bugzilla