Products
Apache Tomcat Connectors
- 1.2.9-beta - 1.2.49
Source
security@apache.org
Tags
CVE-2024-46544 details
Published : Sept. 23, 2024, 11:15 a.m.
Last Modified : Sept. 23, 2024, 11:15 a.m.
Last Modified : Sept. 23, 2024, 11:15 a.m.
Description
Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on Unix like systems is affected. Neither the ISAPI redirector nor mod_jk on Windows is affected. Users are recommended to upgrade to version 1.2.50, which fixes the issue.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-276 | Incorrect Default Permissions | During installation, installed file permissions are set to allow anyone to modify those files. |
References
| URL | Source |
|---|---|
| https://lists.apache.org/thread/q1gp7cc38hs1r8gj8gfnopwznd5fpr4d | security@apache.org |
This website uses the NVD API, but is not approved or certified by it.