Message-ID: <7ec6aab8-7508-4bc7-80bb-80c14509f51c@apache.org>
Date: Mon, 23 Sep 2024 11:51:56 +0100
From: Mark Thomas <markt@...che.org>
To: oss-security@...ts.openwall.com
Subject: CVE-2024-46544: Apache Tomcat Connectors: mod_jk: local users can
 view and modify configuration

Severity: moderate

Affected versions:
- Apache Tomcat Connectors 1.2.9-beta through 1.2.49

Description:

Incorrect Default Permissions vulnerability in Apache Tomcat Connectors 
allows local users to view and modify shared memory containing mod_jk 
configuration which may lead to information disclosure and/or denial of 
service.

This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 
1.2.49. Only mod_jk on Unix-like systems is affected. Neither the ISAPI 
redirector nor mod_jk on Windows is affected.

Users are recommended to upgrade to version 1.2.50, which fixes the issue.

References:

https://lists.apache.org/thread/q1gp7cc38hs1r8gj8gfnopwznd5fpr4d
https://tomcat.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-46544
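
A local triage check for the issue described above, added here as an example (it is not part of the advisory or of Apache's code): it tests a version string against the affected range the advisory states and reports which non-owner permission bits are set on a file. It assumes the mod_jk shared memory is backed by a file on disk (the one named by the JkShmFile directive); the two files it inspects are constructed stand-ins, not real mod_jk files.

```python
import os
import stat
import tempfile

# Affected range stated in the advisory: 1.2.9-beta through 1.2.49.
FIRST_AFFECTED = (1, 2, 9)
FIRST_FIXED = (1, 2, 50)


def is_affected_version(version):
    """True if a mod_jk version string falls in the advisory's affected range."""
    core = version.strip().split("-", 1)[0]   # "1.2.9-beta" -> "1.2.9"
    parts = tuple(int(p) for p in core.split("."))
    return FIRST_AFFECTED <= parts < FIRST_FIXED


def shm_exposure(path):
    """Return findings for permission bits that let non-owner users reach the file."""
    mode = os.stat(path).st_mode
    findings = []
    checks = (
        ("group", stat.S_IRGRP, stat.S_IWGRP),
        ("other", stat.S_IROTH, stat.S_IWOTH),
    )
    for who, read_bit, write_bit in checks:
        if mode & read_bit:
            findings.append(f"{who}: read (information disclosure)")
        if mode & write_bit:
            findings.append(f"{who}: write (denial of service)")
    return findings


def demo():
    """Run the check on two constructed files standing in for the shm file."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, mode in (("loose", 0o666), ("tight", 0o600)):
            path = os.path.join(tmp, name)
            open(path, "wb").close()
            os.chmod(path, mode)              # chmod is not subject to umask
            results[name] = shm_exposure(path)
    return results


if __name__ == "__main__":
    for version in ("1.2.9-beta", "1.2.49", "1.2.50"):
        print(version, "affected" if is_affected_version(version) else "not affected")
    for name, findings in demo().items():
        print(name, findings or "owner-only")
```

On a real host, pass `shm_exposure` the path your own configuration uses; an empty result means only the file's owner can read or write it.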
