vulnerability
Red Hat: CVE-2024-46544: mod_jk: information Disclosure / DoS (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:N/C:P/I:P/A:P) | Sep 23, 2024 | Oct 9, 2024 | Sep 29, 2025 |
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
Sep 23, 2024
Added
Oct 9, 2024
Modified
Sep 29, 2025
Description
Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service.
This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on Unix like systems is affected. Neither the ISAPI redirector nor mod_jk on Windows is affected.
Users are recommended to upgrade to version 1.2.50, which fixes the issue.
Solutions
redhat-upgrade-mod_jkredhat-upgrade-mod_jk-debuginforedhat-upgrade-mod_jk-debugsource
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.