Bug#1082713: libapache-mod-jk: CVE-2024-46544

Salvatore Bonaccorso carnil at debian.org
Tue Sep 24 21:42:28 BST 2024


Source: libapache-mod-jk
Version: 1:1.2.49-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>

Hi,

The following vulnerability was published for libapache-mod-jk.

CVE-2024-46544[0]:
| Incorrect Default Permissions vulnerability in Apache Tomcat
| Connectors allows local users to view and modify shared memory
| containing mod_jk configuration which may lead to information
| disclosure and/or denial of service.  This issue affects Apache
| Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on
| Unix like systems is affected. Neither the ISAPI redirector nor
| mod_jk on Windows is affected.  Users are recommended to upgrade to
| version 1.2.50, which fixes the issue.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-46544
    https://www.cve.org/CVERecord?id=CVE-2024-46544
[1] https://www.openwall.com/lists/oss-security/2024/09/23/1

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



More information about the pkg-java-maintainers mailing list