For those of you who use mod_jk, please upgrade to the latest version.

---------- Forwarded message ---------
From: Mark Thomas <markt@xxxxxxxxxx>
Date: Mon, Sep 23, 2024 at 4:43 AM
Subject: [SECURITY] CVE-2024-46544 Apache mod_jk - Information Disclosure / Denial of Service
To: Tomcat Users List <users@xxxxxxxxxxxxxxxxx>
Cc: Tomcat Developers List <dev@xxxxxxxxxxxxxxxxx>, <announce@xxxxxxxxxx>, announce@xxxxxxxxxxxxxxxxx <announce@xxxxxxxxxxxxxxxxx>

CVE-2024-46544 Apache mod_jk - Information Disclosure / DoS

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected:
- JK 1.2.9-1.2.49 (mod_jk on Unix like platforms only)

Description:
Incorrect default permissions for the memory mapped file configured by the JkShmFile directive on Unix like systems allows local users to view and/or modify the contents of the shared memory containing mod_jk configuration and status information. This could result in information disclosure and/or denial of service.

Mitigation:
Users of the affected versions should apply one of the following mitigations:
- Upgrade to mod_jk 1.2.50 or later

History:
2024-09-23 Original advisory

References:
[1] https://tomcat.apache.org/security-jk.html

--
------------------------------------------------------------------------------------
Jennifer Oxelson Ganter    NSF Unidata
Software Engineer IV       P.O. Box 3000
oxelson@xxxxxxxx           Boulder, CO 80307
------------------------------------------------------------------------------------
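Added example (not part of the forwarded advisory or of mod_jk): a check that reads JkShmFile directives from httpd configuration text and reports group/other permission bits on the files they name. The default ServerRoot of /etc/httpd, the same-prefix sibling lookup, and treating any group/other access as a finding are assumptions of this sketch.

```python
import glob
import os
import re
import stat

# JkShmFile directive; the path may be quoted. Commented-out lines do not match.
DIRECTIVE = re.compile(r'^[ \t]*JkShmFile[ \t]+(?:"([^"\n]+)"|(\S+))',
                       re.IGNORECASE | re.MULTILINE)

def shm_paths(config_text, server_root="/etc/httpd"):
    """Return JkShmFile paths; relative ones are joined to server_root
    (assumed here to be the httpd ServerRoot)."""
    paths = []
    for quoted, bare in DIRECTIVE.findall(config_text):
        raw = quoted or bare
        paths.append(raw if os.path.isabs(raw) else os.path.join(server_root, raw))
    return paths

def audit(path):
    """Return (file, octal mode, problems) for path and any file whose name
    starts with it (assumption: lock or suffixed files sit beside it)."""
    findings = []
    for name in sorted(glob.glob(glob.escape(path) + "*")):
        mode = stat.S_IMODE(os.stat(name).st_mode)
        problems = []
        if mode & (stat.S_IRGRP | stat.S_IROTH):
            problems.append("readable by group/other")
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append("writable by group/other")
        findings.append((name, oct(mode), problems))
    return findings

if __name__ == "__main__":
    import tempfile
    # Constructed sample: a temporary file with mode 0666 and a one-line config.
    with tempfile.TemporaryDirectory() as d:
        shm = os.path.join(d, "jk-runtime-status")
        open(shm, "w").close()
        os.chmod(shm, 0o666)
        for path in shm_paths('JkShmFile "%s"\n' % shm):
            for name, mode, problems in audit(path):
                print(name, mode, "; ".join(problems) or "ok")
```

The sketch does not follow Include directives, so pass it the text of every configuration file that may set JkShmFile.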