Today > 2 Critical | 6 High | 8 Medium | 1 Low vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-46544

Sept. 26, 2024, 1:32 p.m.

Product(s) Impacted

Apache Tomcat Connectors

  • 1.2.9-beta - 1.2.49

Description

Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on Unix like systems is affected. Neither the ISAPI redirector nor mod_jk on Windows is affected. Users are recommended to upgrade to version 1.2.50, which fixes the issue.

Weaknesses

CWE-276
Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CWE ID: 276

Date

Published: Sept. 23, 2024, 11:15 a.m.

Last Modified: Sept. 26, 2024, 1:32 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@apache.org

References

https://lists.apache.org/ security@apache.org