CVE-2024-46544
- Source
- https://cve.org/CVERecord?id=CVE-2024-46544
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-46544.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-46544
- Downstream
- Related
- Published
- 2024-09-23T10:43:57.123Z
- Modified
- 2026-06-18T03:55:42.499378058Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- Apache Tomcat Connectors: mod_jk: local users can view and modify configuration
- Details
-
Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service.
This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only modjk on Unix like systems is affected. Neither the ISAPI redirector nor modjk on Windows is affected.
Users are recommended to upgrade to version 1.2.50, which fixes the issue.
- Database specific
{ "cwe_ids": [ "CWE-276" ], "cna_assigner": "apache", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/46xxx/CVE-2024-46544.json", "unresolved_ranges": [ { "extracted_events": [ { "introduced": "1.2.9-beta" }, { "last_affected": "1.2.49" } ], "source": "AFFECTED_FIELD" }, { "extracted_events": [ { "introduced": "1.2.9-beta" }, { "fixed": "1.2.49" } ], "source": "DESCRIPTION" } ] }- References
-
- http://www.openwall.com/lists/oss-security/2024/09/23/1
- https://lists.debian.org/debian-lts-announce/2024/10/msg00010.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/46xxx/CVE-2024-46544.json
- https://lists.apache.org/thread/q1gp7cc38hs1r8gj8gfnopwznd5fpr4d
- https://nvd.nist.gov/vuln/detail/CVE-2024-46544