[thredds] Fwd: [SECURITY] CVE-2024-46544 Apache mod_jk - Information Disclosure / Denial of Service

  • To: THREDDS community <thredds@xxxxxxxxxxxxxxxx>
  • Subject: [thredds] Fwd: [SECURITY] CVE-2024-46544 Apache mod_jk - Information Disclosure / Denial of Service
  • From: Jennifer Oxelson Ganter <oxelson@xxxxxxxx>
  • Date: Mon, 23 Sep 2024 08:18:05 -0600
For those of you who use mod_jk, please upgrade to the latest version.

---------- Forwarded message ---------
From: Mark Thomas <markt@xxxxxxxxxx>
Date: Mon, Sep 23, 2024 at 4:43 AM
Subject: [SECURITY] CVE-2024-46544 Apache mod_jk - Information Disclosure /
Denial of Service
To: Tomcat Users List <users@xxxxxxxxxxxxxxxxx>
Cc: Tomcat Developers List <dev@xxxxxxxxxxxxxxxxx>, <announce@xxxxxxxxxx>,
announce@xxxxxxxxxxxxxxxxx <announce@xxxxxxxxxxxxxxxxx>


CVE-2024-46544 Apache mod_jk - Information Disclosure / DoS

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected:
- JK 1.2.9-1.2.49 (mod_jk on Unix-like platforms only)

Description:
Incorrect default permissions for the memory mapped file configured by
the JkShmFile directive on Unix-like systems allow local users to view
and/or modify the contents of the shared memory containing mod_jk
configuration and status information. This could result in information
disclosure and/or denial of service.

Mitigation:
Users of the affected versions should apply one of the following
mitigations:
- Upgrade to mod_jk 1.2.50 or later

History:
2024-09-23 Original advisory

References:
[1] https://tomcat.apache.org/security-jk.html


-- 
------------------------------------------------------------------------------------
Jennifer Oxelson Ganter                                       NSF Unidata
Software Engineer IV                                          P.O. Box 3000
oxelson@xxxxxxxx                                       Boulder, CO 80307
------------------------------------------------------------------------------------
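
A defender-side check for the condition the advisory describes, as an added example that is not part of the original message or of mod_jk: it finds JkShmFile directives in Apache configuration text and reports files under that name that group or other users can read or write. Assumptions: relative paths resolve against ServerRoot, the module may append a suffix to the configured file name, and any group/other read or write bit counts as exposure (the advisory does not state the intended mode).

```python
import glob
import os
import re
import stat
import sys

# Matches an uncommented "JkShmFile <path>" line; the path may be quoted.
# Paths containing spaces are not handled.
_DIRECTIVE = re.compile(r'^\s*JkShmFile\s+"?([^"\s]+)"?',
                        re.IGNORECASE | re.MULTILINE)

_BITS = [("group-read", stat.S_IRGRP), ("group-write", stat.S_IWGRP),
         ("other-read", stat.S_IROTH), ("other-write", stat.S_IWOTH)]


def shm_paths(conf_text, server_root):
    """Return the JkShmFile paths named in conf_text, made absolute."""
    paths = []
    for match in _DIRECTIVE.finditer(conf_text):
        path = match.group(1)
        # Assumption: relative paths are taken relative to ServerRoot.
        if not os.path.isabs(path):
            path = os.path.join(server_root, path)
        paths.append(os.path.normpath(path))
    return paths


def exposed_bits(mode):
    """Name the group/other read and write bits that are set in mode."""
    return [name for name, bit in _BITS if mode & bit]


def audit(conf_text, server_root):
    """Map each exposed shared-memory file to the bits that expose it."""
    findings = {}
    for base in shm_paths(conf_text, server_root):
        # Assumption: the module may append a suffix (such as a PID) to
        # the configured name, so match every file sharing the prefix.
        for candidate in sorted(glob.glob(glob.escape(base) + "*")):
            st = os.lstat(candidate)  # lstat: do not follow symlinks
            bits = exposed_bits(st.st_mode)
            if stat.S_ISREG(st.st_mode) and bits:
                findings[candidate] = bits
    return findings


if __name__ == "__main__":
    # Usage: script.py <apache-config-file> <ServerRoot>
    with open(sys.argv[1]) as handle:
        for path, bits in audit(handle.read(), sys.argv[2]).items():
            print(f"{path}: {', '.join(bits)}")
```

An empty result means no file under the configured name is readable or writable outside its owner; it does not replace the upgrade to mod_jk 1.2.50 or later.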