Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service.
This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on Unix like systems is affected. Neither the ISAPI redirector nor mod_jk on Windows is affected.
Users are recommended to upgrade to version 1.2.50, which fixes the issue.
Metrics
Affected Vendors & Products
References
History
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Thu, 07 Nov 2024 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat rhel E4s
Redhat rhel Eus |
|
CPEs | cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_eus:9.2 |
|
Vendors & Products |
Redhat rhel E4s
Redhat rhel Eus |
Wed, 09 Oct 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat enterprise Linux
|
|
CPEs | cpe:/a:redhat:enterprise_linux:9 | |
Vendors & Products |
Redhat enterprise Linux
|
Wed, 02 Oct 2024 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat jboss Core Services |
|
CPEs | cpe:/a:redhat:jboss_core_services:1 cpe:/a:redhat:jboss_core_services:1::el7 cpe:/a:redhat:jboss_core_services:1::el8 |
|
Vendors & Products |
Redhat
Redhat jboss Core Services |
Mon, 23 Sep 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Mon, 23 Sep 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 23 Sep 2024 10:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on Unix like systems is affected. Neither the ISAPI redirector nor mod_jk on Windows is affected. Users are recommended to upgrade to version 1.2.50, which fixes the issue. | |
Title | Apache Tomcat Connectors: mod_jk: local users can view and modify configuration | |
Weaknesses | CWE-276 | |
References |
|
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2024-09-23T10:43:57.123Z
Updated: 2024-10-31T19:59:53.770Z
Reserved: 2024-09-11T07:19:56.829Z
Link: CVE-2024-46544
Vulnrichment
Updated: 2024-10-14T21:02:40.154Z
NVD
Status : Awaiting Analysis
Published: 2024-09-23T11:15:10.563
Modified: 2024-11-21T09:38:43.193
Link: CVE-2024-46544
Redhat