CVERadar

CVE-2024-46544

Medium Severity
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.00082/1

CVE-2024-46544: Apache Tomcat Connectors vulnerable to incorrect default permissions. This flaw allows local users to view and modify shared memory containing mod_jk configuration, potentially leading to information disclosure and/or denial of service. The vulnerability affects Apache Tomcat Connectors versions 1.2.9-beta through 1.2.49, specifically impacting mod_jk on Unix-like systems, but not the ISAPI redirector or mod_jk on Windows. Despite a CVSS score of 0, SOCRadar has assigned an SVRS of 30, indicating a moderate risk, especially considering that it has been tagged as In The Wild. Upgrade to version 1.2.50 to mitigate this potential security issue. While the risk isn't critical, prompt patching is recommended to protect sensitive information.

In The Wild
2024-09-23

2024-10-31

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-46544 | Apache mod_jk up to 1.2.49 on Unix JkShmFile Directive default permission
vuldb.com, 2024-09-27
A vulnerability, which was classified as critical, was found in Apache mod_jk on Unix. This affects an unknown part of the component JkShmFile Directive Handler. The manipulation leads to incorrect default permissions. This vulnerability is uniquely identified as CVE-2024-46544. Attacking locally is a requirement. There is

CVE-2024-46544: Apache Tomcat Connectors: mod_jk: local users can view and modify configuration
seclists.org, 2024-09-23
Posted by Mark Thomas on Sep 23
Severity: moderate
Affected versions:
- Apache Tomcat Connectors 1.2.9-beta through 1.2.49
Description: Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of

Social Media

CVE-2024-46544 Incorrect Default Permissions in Apache Tomcat Connectors on Unix Systems An Incorrect Default Permissions problem exists in Apache Tomcat Connectors. This issue lets local users view and change sh... https://t.co/klezafIYpn
🚨 CVE-2024-46544: Critical vuln in Apache Tomcat Connectors <= 1.2.49 on Unix. Incorrect mod_jk default permissions. Upgrade immediately to mitigate risk of local attacks. #InfoSec #PatchNow
CVE-2024-46544 Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may … https://t.co/MNZQQeSpL1

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://lists.apache.org/thread/q1gp7cc38hs1r8gj8gfnopwznd5fpr4d

CWE Details

CWE ID | CWE Name | Description
CWE-276 | Incorrect Default Permissions | During installation, installed file permissions are set to allow anyone to modify those files.
