Bug#1082713: libapache-mod-jk: CVE-2024-46544
Salvatore Bonaccorso
carnil at debian.org
Tue Sep 24 21:42:28 BST 2024
Source: libapache-mod-jk
Version: 1:1.2.49-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerability was published for libapache-mod-jk.
CVE-2024-46544[0]:
| Incorrect Default Permissions vulnerability in Apache Tomcat
| Connectors allows local users to view and modify shared memory
| containing mod_jk configuration which may lead to information
| disclosure and/or denial of service. This issue affects Apache
| Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on
| Unix like systems is affected. Neither the ISAPI redirector nor
| mod_jk on Windows is affected. Users are recommended to upgrade to
| version 1.2.50, which fixes the issue.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-46544
https://www.cve.org/CVERecord?id=CVE-2024-46544
[1] https://www.openwall.com/lists/oss-security/2024/09/23/1
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the pkg-java-maintainers
mailing list